Trend Micro Deep Discovery Protects South Korean Customers From Attack
CUPERTINO, Calif., March 21, 2013 /PRNewswire/ -- Trend Micro Incorporated announced today that customers using its Deep Discovery advanced threat protection product were able to discover and react to the recent cyber-attack before damage could be done. These attacks paralyzed several major banking and media companies, leaving many South Koreans unable to withdraw money from ATMs and news broadcasting crews cut off from their resources.
Deep Discovery network detection and custom sandbox analysis were able to detect the spear phishing email, identify the malware it contained, and discover the external command-and-control sites that the attackers used. With this actionable intelligence in hand, customers were able to immediately stop or remedy any effect and to block all malicious communication sources. This detection and swift response saved Deep Discovery customers from an attack that appears aimed to disrupt normal business processing by disabling critical endpoints and resources.
Cyber-attacks have been a fact of life for some time in South Korea and many enterprise and government agencies have implemented proactive threat detection and response measures. Trend Micro is a leading provider of these security intelligence solutions and services, with three of the six top banks and over 80 government agencies using Deep Discovery to protect themselves from such attacks.Anatomy of the AttackAccording to reports, several computer screens at major South Korean banks and three top TV companies went blank on Wednesday (local time), March 20, 2013. Some screens were even showing an image of a skull and a warning from the "WhoIs" team. This attack is one of several independent, concurrent attacks plaguing South Korea. Trend Micro research has shown that this is the result of a malware attack that began with the delivery of a spear phishing email spoofed to look like a credit card history for the month of March. The malware attached to these phishing emails that brought these systems down overwrites the Master Boot Record (MBR), and was set to run on March 20 2013. If the malware was installed before March 20, it remains dormant and activates only on this day. Once it runs, it completely cripples the system usually requiring it be rebuilt. Wiping the MBR in this fashion can sometimes be the last step in a targeted attack meant to make investigation and recovery of these systems more difficult. Trend Micro research has shown that attackers targeted for destruction not only systems running Microsoft Windows but also those running Linux, IBM AIX, Oracle Solaris and Hewlett-Packard HP-UX versions of UNIX. Deep Discovery customers concerned they may also be targets of this attack can examine their Deep Discovery logs for instances of "HEUR_NAMETRICK.B."
Check Out Our Best Services for Investors
- $2.5+ million portfolio
- Large-cap and dividend focus
- Intraday trade alerts from Cramer
Access the tool that DOMINATES the Russell 2000 and the S&P 500.
- Buy, hold, or sell recommendations for over 4,300 stocks
- Unlimited research reports on your favorite stocks
- A custom stock screener
- Model portfolio
- Stocks trading below $10
- Intraday trade alerts