Perpetrators unknown but North Korea under suspicion

Tensions between North and South Korea have been raised further after a co-ordinated cyber attack hit banks and media organisations in Seoul and across the country.

Although the identity of the perpetrators is not yet known, the finger of blame has already been pointed at the regime in the North.

Preliminary investigations appear to show that the hackers – whatever their origin – used a Chinese address to plant the malicious code which caused the trouble.

This does not necessarily mean, however, that the Chinese state was itself responsible for the attack, even though China has been linked to a spate of recent cyber activity targeting Western interests.

Park Jae-moon of South Korea’s communications regulator told the BBC: “Unidentified hackers used a Chinese IP address to contact servers of the six affected organisations and plant the malware which attacked their computers.

“At this stage, we’re still making our best efforts to trace the origin of attacks, keeping all kinds of possibilities open.”

Cyber risk defence specialists LogRhythm’s vice-president and international markets managing director Ross Brewer said: “South Korea is one of the world’s most technically aware societies and is often described as ‘the world’s most wired’ country. As such, it is especially critical for its organisations to have a deep understanding of their own IT systems in order to ensure that its networks are not only adequately protected, but should they be attacked – which seems inevitable in today’s era of cyber attacks – that any potential damage is effectively minimised in real time and evidence of the attack is correctly monitored.

“The cause of yesterday’s network problems is still unclear and managed to infiltrate systems to the point of ‘crippling’ them, indicating that these organisations didn’t have the visibility required to effectively monitor IT systems and identify and remediate any anomalous IT network behaviour in real time. Organisations need to be continually monitoring all of the log data generated by all of their IT assets in real time – which is where evidence of all IT network activity lies – to detect and respond to suspicious or unauthorised behaviour the instant it takes place. Not only does this log data help firms identify hacks before any lasting damage can be done, it also provides vital forensic evidence about how and why these attacks happened in the first place.”