Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Lessons from the recent South Korean cyber attack for AP

Nurdianah Md Nur | April 9, 2013
As targeted cyber attacks become more sophisticated, companies in Asia should relook their security strategy for wholesome coverage.

Businesses in Asia today should relook at their security strategies as standard defences are no longer sufficient to handle targeted sophisticated attacks, reports Trend Micro.

Aside from advanced persistent threats, malware, software vulnerabilities, exploits and zero-day threats, Trend Micro says that companies have to be prepared for attacks that specifically target the companies' infrastructure to circumvent and compromise it.

This is illustrated by the recent cyber attack on South Korean government agencies and corporations. As a malware overwrote the Master Boot Record (MBR), the affected operating systems were unable to boot correctly, thereby causing several computer screens to either go black or show images of a skull and warning.

Drawing from the incident, Trend Micro notes the following three lessons on cyber attacks and security that are beneficial for companies in Asia Pacific.

Firstly, all platforms and devices are viable targets to attacks. Companies should extend endpoint security practices to all platforms and devices as much as possible, and implement other layers of protection to protect those platforms and devices that can't be protected by endpoint security (like iOS).

Secondly, auto-updating or patch management is another viable target to attack. In the South Korean targeted attack, the auto-update/patch management infrastructure was compromised and was turned into a malware delivery system. To prevent such happenings, organisations should take steps to ensure better security on their patch management and updating infrastructure under their control. From a risk management point of view, organisations should be assessing these assets as critical, high-value targets and addressing the risks appropriately.

Thirdly and finally,security and infrastructure products are targets too. The MBR wiper malware specifically targeted the processes of two or three Korean security suite products used by the affected companies. Coupling with the fact that the compromise of the patch management system was also focused on a single vendor, it shows that the attackers had knowledge about their intended victims' security and infrastructure. Companies should thus invest in additional layers of protection, especially those that support heuristic detection capabilities, to mitigate the risk of security and infrastructure products being targets of attacks.

With all the above being potential targets of attacks, good security will lie in the ability of a service provider to offer an integrated, layered, unified and virtualised security approach.

A layer of defences help cover gaps and enable organisations to detect, analyse adapt and respond to attacks and malware within the network in real time across virtual, cloud, static and mobile environment and platforms.

For instance, Trend Micro was able to protect its enterprise users against the MBR wiper attacks in South Korea. The Trend Micro Deep Discovery managed to detect and analyse APTs to rapidly adapt protection and respond to the attacks. The network-wide monitoring powered by custom sandboxing and relevant real-time intelligence enables early attack detection, enable rapid containment, and delivers custom security updates that immediately improves protection against further attack.

 

Sign up for CIO Asia eNewsletters.