No one is at all clear about the origins of a purported cyber attack against South Korean media and financial organizations yesterday, which left broadcaster and bank networks paralyzed for hours. The obvious culprit is a state-sponsored attack from North Korea, but even if that nation isn’t directly responsible, it may not make a difference, given the heightened tensions in the region.
According to reports, three South Korean TV networks, KBS, MBS and YTN, as well as Shinhan Bank and Nonghyup Bank, reported that their networks had suddenly been shut down on Wednesday afternoon, local time. The takedown was apparently not from a distributed denial-of-service (DDoS) attack, but from a virus that had infected machines in these organizations and delivered its payload simultaneously. There were scattered reports of users seeing skulls on the screens of the affected machines before they shut down, anecdotal evidence that malware was indeed the cause.
South Korea has been the victim of cyber attacks before, of course, just like any other computerized nation. And many of these coordinated efforts have been ultimately traced back to North Korea.
No broadcasts were interrupted by the crashed computers, which apparently only hit the workstations of the television stations’ staff. Some banking services, such as ATM and online banking, were adversely affected by the shutdowns, though the banks are reporting that those services have been restored.
Update: Security vendor AlienVault has posted additional information gleaned about this particular attack.
North Korea is suspected of being the source of these attacks, as it has been of others in the past. North Korea has increased its saber-rattling following new UN sanctions and joint US-South Korean military exercises being conducted in the region, and even accused the U.S. and South Korea of similar cyber attacks against its Internet servers on March 15.
No proof has been offered yet on the source of these latest attacks, but it ultimately may not matter. This kind of attack could have been launched by anyone, since malware can be easy to deliver to unsuspecting computer users. Anyone from sophisticated cyber criminals to script kiddies could have started this, and until there is detailed analysis of the malware, conclusions should be approached with caution.
The problem is, it may not matter. Malware attacks within such an increasingly tense political and military situation are the equivalent of yelling “fire!” in a movie theater or – more appropriately – throwing a lit match into a barrel of fuel.
No matter what the source of this attack, tensions have been ratcheted up, and the South Korean armed forces are in a state of higher alert. If things go sideways on the Korean peninsula, this could be the first major confrontation preceded by cyber attacks. And when the dust settles, no one may care who actually wrote the code.