March 21, 2013
/PRNewswire/ -- Trend Micro Incorporated announced today that customers using its Deep Discovery advanced threat protection product were able to discover and react to the recent cyber-attack before damage could be done. These attacks paralyzed several major banking and media companies, leaving many South Koreans unable to withdraw money from ATMs and news broadcasting crews cut off from their resources.
Deep Discovery network detection
and custom sandbox analysis were able to detect the spear phishing email, identify the malware it contained, and discover the external command-and-control sites that the attackers used. With this actionable intelligence in hand, customers were able to immediately stop or remedy any effect and to block all malicious communication sources. This detection and swift response saved Deep Discovery customers from an attack that appears aimed to disrupt normal business processing by disabling critical endpoints and resources.
Cyber-attacks have been a fact of life for some time in
and many enterprise and government agencies have implemented proactive threat detection and response measures. Trend Micro is a leading provider of these
solutions and services, with three of the six top banks and over 80 government agencies using Deep Discovery to protect themselves from such attacks.
Anatomy of the Attack
According to reports, several computer screens at major South Korean banks and three top TV companies went blank on Wednesday (local time),
March 20, 2013
. Some screens were even showing an image of a skull and a warning from the "WhoIs" team.
This attack is one of several independent, concurrent attacks plaguing
. Trend Micro research has shown that this is the result of a malware attack that began with the delivery of a spear phishing email spoofed to look like a credit card history for the month of March. The malware attached to these phishing emails that brought these systems down overwrites the Master Boot Record (MBR), and was set to run on
2013. If the malware was installed before
, it remains dormant and activates only on this day. Once it runs, it completely cripples the system usually requiring it be rebuilt. Wiping the MBR in this fashion can sometimes be the last step in a targeted attack meant to make investigation and recovery of these systems more difficult. Trend Micro research has shown that attackers targeted for destruction not only systems running Microsoft Windows but also those running Linux, IBM AIX, Oracle Solaris and Hewlett-Packard HP-UX versions of UNIX.
Deep Discovery customers concerned they may also be targets of this attack can examine their Deep Discovery logs for instances of "HEUR_NAMETRICK.B."