Mass attacks on government and financial sites continue

By

Researchers remain unsure of the source of an ongoing distributed-denial-of-service (DDoS) attack that is affecting a number of US and South Korean government websites, along with financial institutions, such as the New York Stock Exchange and NASDAQ sites, as well as various military sites and the Washington Post.

The attack may have started during the July 4 weekend, but seemed to have peaked yesterday, Rick Howard, intelligence director for VeriSign iDefense, told SCMagazineUS.com.

One of the hardest hit government sites was the US Federal Trade Commission's, but other US government sites have been able to mitigate the effect.

“Most of the US government sites have handled it without too much of a problem,” Howard said. “But there have been problems on the South Korean side.”

The code itself is not new or particularly sophisticated. It seems to be a variant of the MyDoom worm that first hit in 2004.

“We have a copy of the malicious code that is doing it. It is not that exciting in terms of new and interesting things – it's a middle-of-the-road DDoS attack trojan,” Howard said. “There may not even be a command-and-control server involved – the payload may be delivered by email.”

Some security experts have estimated the number of compromised computers hosting the malware at between 30,000 and 60,000. Also, the code may bundle a number of different modules.

“The malicious code drops several different components and is composed of many different files,” Luis Corrons, technical director at PandaLabs, told SCMagazineUS.com. “One of the files has a list of URLs to be attacked hard-coded in it -- so the attackers are not dynamically configuring the attack.”

Though many reports claim it is coming from North Korea, it's too soon to pinpoint exactly who is behind it.

“It's not hard to mitigate a DDoS – it's expensive — though not hard to do,” said Howard. “But it is hard to attribute the attack to a specific origin.”

And few clues yet exist to help make a determination, though forensic efforts are ongoing.

“The malware itself does not give any clue as to who is doing this,” Corrons said.

There are a number of theories, however, on where the email bearing the malicious payload physically originated.

“There was a report that ground zero – the place where the emails were launched from -- is somewhere east of Seoul,” Howard said. “But that is purely speculative at this point.”


See original article on scmagazineus.com

Mass attacks on government and financial sites continue
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
denialdosfinancialgovernmenthackhackerskoreanasdaqnysepostsecurityservicesouthuswashingtonwebsites

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?