Gibson Index

2013-03-20: (Updated) South Korean Banks and Broadcasters Targeted in Possible Cyberattack

Level Three Attack

Several banks and broadcasters in South Korea have had their computer networks "paralyzed" by a possible cyber attack. If it is an actual cyber attack, and not an infrastructure failure, the organizations targeted are very reminiscent of the recent Czech Republic cyber attacks of a similar nature.

Update 3

Current speculation seems to indicate that Malware, rather than a Distributed Denial of Service Attack, is responsible for this incident. If so, that means that hundreds or thousands of computers were infected with a logic bomb or remote-controlled malware with what appears to be a destructive payload - or, another possibility is that an automatically deployed software update caused the issue. This would be especially likely an explanation if the affected organizations participated in the same software maintenance program (e.g., receiving updates from Microsoft on the same schedule), but if they don't do that, then it's probably malware.

Update 2

South Korea's military has upgraded their "Information Operation Condition" (INFOCOM) level to Level 3 from Level 4 in response to this situation. They use an inverted five-level system for rating cyber vigilance, so "up" is "down" compared to the Gibson Index. The severity and scope of this attack, if it turns out to be a true attack and not simply an infrastructure failure, could result in it being upgraded to a Gibson Level Four Attack.

Update

Twitter user @LukeCleary was able to snap a picture of one of the non-booting computers (there may be hundreds or thousands of computers affected in this way, based on current reports from South Korea):

Related Links

Related Tweets

Categories:
level-three-alerts
Tags:
alerts, level-three, ddos, malware, multiple-targets, destructive-payload
comments powered by Disqus