Tuesday, June 25th saw the shutdown of major media and government Web sites in both South Korea and North Korea. A group of anonymous hackers is claiming responsibility for the attack, which coincides with the 63rd anniversary of the start of the Korean War, which lasted from 1950 to 1953.
"The government confirms there was a cyberattack this morning by unidentified hackers that shut down several sites including the presidential Blue House, the prime minister's office and some media companies," the South Korean science ministry said in a statement, according to the Wall Street Journal.
According to the BBC, messages praising North Korean leader Kim Jong-un and claiming that the hacking collective Anonymous was responsible were left on the hacked Web sites. But the AFP reported that Anonymous denied any involvement in the South Korean cyberattacks on its official Twitter account.
Where's the Root?
We caught up with Ross Brewer, vice president and managing director for international markets at LogRhythm, to get his take on the news reports and what they really mean for cyber security. He told us South Korea is a highly advanced and leading cyber power, so the fact that its networks have suffered two major hacks in the last six months illustrates the severity and increasing prevalence of cyber war.
Back in March, he recalled, the attackers targeted South Korea's computer networks and banks; this time they chose a more significant target, which suggests that the attacks are becoming more serious.
"Despite the rumors, the cause and origin of the attack remain unclear, and hackers managed to infiltrate systems to the point that the country was forced to issue a cyber alert -- indicating that the visibility required to effectively monitor IT systems and identify and remediate any anomalous IT network behavior was not in place," Brewer said.
Need for Forensic Analytics
Considering its last experience with cyber attacks, Brewer said it is "imperative" that South Korean organizations constantly monitor all of the log data generated by their IT assets, as this is where the evidence of all IT network activity lies. Doing so, he said, can help them detect and respond to suspicious or unauthorized behavior the moment it takes place.
"There is also, once again, the issue of attribution. Continued, speculative accusations against North Korea will only raise existing tensions and might lead to more significant repercussions," Brewer said. "As such, further forensic analysis of the breach is needed -- but this cannot be achieved with outdated point security solutions, such as anti-virus or firewall tools."
Brewer's conclusion: continuous monitoring of IT networks affords organizations the network visibility and intelligent insight needed for such deep forensic analysis. It is this in-depth analysis, he said, that will enable hacking victims to effectively mitigate risks and accurately identify the culprits.
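To make the "monitor the logs and react the moment something happens" idea concrete, here is a small added illustration of continuous log monitoring; it is not code from the article, from LogRhythm, or from any South Korean agency. It assumes two hypothetical log formats (an SSH authentication log and a file-integrity monitor log), a hypothetical rule set (a failed-login burst per source address, and any change to web content outside an authorized maintenance window), and uses constructed sample lines throughout. The point it shows is that the same log stream that supports later forensic analysis can raise an alert in near real time, which is the visibility gap Brewer describes.

```python
"""Minimal continuous-monitoring detector over constructed log lines.

Added illustration only; the log formats, rule thresholds and sample
events below are all assumptions and not drawn from any real system.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (hypothetical formats, RFC 5737 test addresses).
SAMPLE_LOGS = [
    "2013-06-25T03:00:00 fim: path=/var/www/html/style.css event=modified user=deploy",
    "2013-06-25T09:58:01 sshd[2011]: Failed password for admin from 198.51.100.7",
    "2013-06-25T09:58:07 sshd[2011]: Failed password for admin from 198.51.100.7",
    "2013-06-25T09:58:10 sshd[2013]: Failed password for root from 203.0.113.5",
    "2013-06-25T09:58:13 sshd[2011]: Failed password for root from 198.51.100.7",
    "2013-06-25T09:58:19 sshd[2011]: Failed password for admin from 198.51.100.7",
    "2013-06-25T09:58:25 sshd[2011]: Failed password for admin from 198.51.100.7",
    "2013-06-25T09:58:31 sshd[2011]: Failed password for admin from 198.51.100.7",
    "2013-06-25T09:58:40 sshd[2013]: Failed password for root from 203.0.113.5",
    "2013-06-25T09:59:10 fim: path=/var/www/html/index.html event=modified user=www-data",
    "2013-06-25T09:59:30 fim: path=/etc/motd event=modified user=root",
    "this line is noise the parser does not understand",
]

AUTH_RE = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for (\S+) from (\S+)$")
FIM_RE = re.compile(r"^(\S+) fim: path=(\S+) event=(modified|created) user=(\S+)$")

# Hypothetical rule parameters.
FAILED_LOGIN_THRESHOLD = 5          # failures from one source ...
WINDOW = timedelta(minutes=2)       # ... within this sliding window
WEB_ROOT = "/var/www/html/"         # content whose changes are sensitive
CHANGE_WINDOW = (2, 4)              # hours [02:00, 04:00) when content changes are authorized


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S")


def parse(line):
    """Turn one log line into an event dict, or None if the format is unknown."""
    m = AUTH_RE.match(line)
    if m:
        return {"kind": "auth_fail", "time": _ts(m.group(1)),
                "user": m.group(2), "source": m.group(3)}
    m = FIM_RE.match(line)
    if m:
        return {"kind": "file_change", "time": _ts(m.group(1)),
                "path": m.group(2), "event": m.group(3), "user": m.group(4)}
    return None


def detect(lines):
    """Stream the lines in order and return alerts as they would be raised."""
    alerts = []
    recent = defaultdict(list)   # source address -> timestamps of recent failures
    alerted = set()              # sources already reported, to avoid repeats
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        if ev["kind"] == "auth_fail":
            hist = recent[ev["source"]]
            hist.append(ev["time"])
            cutoff = ev["time"] - WINDOW
            hist[:] = [t for t in hist if t >= cutoff]   # drop events outside the window
            if len(hist) >= FAILED_LOGIN_THRESHOLD and ev["source"] not in alerted:
                alerted.add(ev["source"])
                alerts.append({"rule": "auth_bruteforce", "source": ev["source"],
                               "count": len(hist), "time": ev["time"].isoformat()})
        elif ev["kind"] == "file_change" and ev["path"].startswith(WEB_ROOT):
            hour = ev["time"].hour
            if not (CHANGE_WINDOW[0] <= hour < CHANGE_WINDOW[1]):
                alerts.append({"rule": "web_content_change", "path": ev["path"],
                               "user": ev["user"], "time": ev["time"].isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

Run as a script it prints two alerts: the fifth failed login from 198.51.100.7 inside the two-minute window, and the daytime modification of index.html under the web root. The earlier style.css change falls inside the maintenance window and the /etc/motd change is outside the watched path, so neither is reported, and the unparsed line is skipped rather than crashing the loop. A real deployment would read from a log pipeline instead of a list and would tune thresholds and windows to its own environment.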