South Korean bank and broadcaster networks 'paralysed' by attacks

News by Dan Raywood

South Korea is investigating attacks which have paralysed its banks and broadcasters, with the Korean Internet Security Agency saying the networks had been 'partially or entirely crippled'.

South Korea is investigating attacks which have paralysed its banks and broadcasters, with the Korean Internet Security Agency saying the networks had been 'partially or entirely crippled'.


At least three broadcasters -- KBS, MBC and YTN -- and two banks -- Shinhan Bank and Nonghyup -- reported to the National Police Agency (NPA) that their computer networks were entirely halted around 2pm for unknown reasons.


According to BBC News, defence ministry spokesman Kim Min-Seok said that it is not ruling out the possibility of North Korea being involved, 'but it's premature to say so'. An official from the National Computing and Information Agency (NCIA) said that no government-related computer networks had been affected.


Although Korea's Yonhap news said that Cheong Wa Dae, the office of the President of South Korea, was looking into possible North Korean involvement in the incidents.


James Clapper, director of National Intelligence for the US government, recently warned about 'unsophisticated' attacks that could penetrate poorly protected computer networks for power grids and posed an 'increasing risk to US critical infrastructure'.


He also said that he was concerned about North Korea following recent threats of a nuclear attack on US soil from North Korean leader Kim Jong-Un. According to Sky News he was dismayed by 'very belligerent' statements coming from Kim Jong-Un, saying: “The rhetoric, while it is propaganda-laced, is also an indicator of their attitude and perhaps their intent. So for my part I am very concerned about what they might do."



Christopher Boyd, senior threat researcher at ThreatTrack Security, said: “There have been numerous serious attacks on South Korean networks and systems over the last few years, from recent newspaper site defacements and the most recent network attacks to the so-called ‘Ten Days of Rain' denial-of-service attacks on multiple government sites and the USFK in 2011.

“While it's tempting to attribute these attacks to the north given the current state of play in the region, many attacks are not so easy to pin down - the Ten Days of Rain used compromised machines inside South Korea to launch the DDoS attacks, and in 2009 the JoongAng Daily claimed that a South Korean man allegedly purchased infected games in North Korea, only to take them back and infect gamers - using them to DDoS the website of the Incheon International Airport.”

Ross Brewer, vice president and managing director for international markets at LogRhythm, said: “The cause of yesterday's network problems are still unclear and managed to infiltrate systems to the point of ‘crippling' them – indicating that these organisations didn't have the visibility required to effectively monitor IT systems and identify and remediate any anomalous IT network behaviour in real time.”

 Jarno Limnell, director of cyber security at Stonesoft, said: “The choice of targets is telling of the trend that the chief candidates for attack are increasingly likely to be global financial markets and critical infrastructure systems, which if taken down have the power to cripple a nation. In today's digitally interconnected world there is huge potential for unpredictable side effects and collateral damage from aggressive actions. As such, fighting fire with fire is a dangerous tactic.”

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event 

Webcast: Understanding this year's biggest adversaries - and how to combat them 

Nation-state activity, versatile, slippery strategies and Big Game Hunting - the threats are real, dangerous and ever changing. 
Brought to you in partnership with Crowdstrike