Security Brief: South Korea Attacks, Opera, Hacked Cars

The main events of the week between June 24 – June 30

June 30th, 2013 01:51 GMT

South Korea has taken the spotlight over the past week due to another series of cyberattacks against high-profile organizations.

It all started at the beginning of the week, when the South Korean government was forced to shut down several of its websites because of cyberattacks.

People were talking about defacement images in which the Anonymous movement took credit for the attacks.

However, after analyzing the incident, experts found that these latest attacks are actually connected to the ones launched in March against South Korean financial institutions and broadcasters.

Symantec has determined that several attacks launched against South Korea over the past 4 years are the work of a cybercriminal group called DarkSeoul.

The gang uses time-triggered malware that’s capable of using compromised computers to launch distributed denial-of-service (DDoS) attacks and of erasing information from the infected devices.

In this case, the malware was distributed via the auto-update mechanisms of SimDisk, a South Korean file-sharing and storage service. The hackers compromised the update system and abused it to push the malware, which was designed to activate only on June 25 at 10 AM.

Pieces of malware were responsible not only for launching the DDoS attacks against the government websites, but also for wiping data from the infected computers and changing wallpapers to an “Anonymous” image.

In the meantime, Anonymous hacktivists have launched cyberattacks against North Korea. A number of websites have been disrupted.

However, North Korea isn’t too concerned. Instead, it accused the US and South Korea of joining Anonymous in cyber terrorism.

Another interesting hack we’ve seen this week is the one that targeted Opera. The attack was halted and contained, according to Opera, but the cybercriminals still managed to steal an expired digital certificate which they used to sign malware.

Opera said a few thousand customers who used Opera between 1:00 and 1:36 on June 19 might have been infected with the malware.

Experts have analyzed the malicious element and found that it’s designed to steal sensitive information from the infected computers. So should you ditch Opera following this incident? Here’s what experts believe.

Most people are probably aware of the fact that modern cars can be hacked. A couple of famous security experts, Charlie Miller and Chris Valasek, plan to demonstrate it once again at the upcoming DEF CON hacking conference.

And since we’re talking about hacked cars, a former US official says the mysterious death of journalist Michael Hastings might be the result of a car cyber attack orchestrated by US intelligence agencies.

In other news, the Snowden saga continues. While the whistleblower attempts to find a country that would protect him from US authorities, new details about the NSA’s surveillance programs come to light.

Snowden has told a Chinese newspaper that several universities and major mobile phone companies had been hacked by the United States.

It turns out that not all hackers support Snowden’s actions. One of them is the controversial Jester.

As far as law enforcement operations are concerned, 43 individuals have been arrested as part of a Europol-coordinated operation that targeted airline fraudsters. In addition, authorities from all around the world took part in an operation that resulted in the takedown of over 9,000 rogue pharmacy websites.

Finally, US and European law enforcement agencies have seized a total of 328 domains used to sell counterfeit items. This is the latest part of Operation In Our Sights.

Here are some other important events, in case you’ve missed them:

ICS-CERT warns of brute-force attacks against critical infrastructure control systems

Former US general investigated for Stuxnet leak

RedHack breaches Istanbul Special Provincial Administration website and erases people’s debts

Facebook fixes critical vulnerability that could have been leveraged to hijack accounts

Carberp malware source code leaked

Details of 40,000 US troops leaked by hackers

LulzSec hacker Jake Davis released from detention
