In March of this year, a cyber attack wiped out many banks and broadcasters in South Korea. Specifically concerning about this attack was the fact that many members of the Shinhan banking network were targeted using what is known as spear phishing. Spear phishing requires prior knowledge about a specific person or group of people to be targeted and hackers send phishing e-mails to these specific people. The look-alike pages used in phishing and spear phishing can be especially worrisome due to the fact that people put their trust in a company and may blindly follow commands upon asked to change their password or something of the like.
This cyber attack was well-planned according to researchers in that hackers gained access to the organization’s computers eight months prior, monitoring the activities inside the server. Finally, malware was distributed to computers, wiping out much of the data.
These attacks are of an extremely serious nature. They allow for high return for the hacker with little traceability or chance for getting caught. The introduction of AttackKits allows for less knowledgeable hackers to conduct attacks on larger scales than otherwise possible.
Spear phishing to large organizations, or even vulnerable populations, can on any scale have detrimental effects. The freedom of the internet and the anonymity behind it has spiraled into a world of its own, allowing large amounts of data to be stolen or wiped out without even having to leave the house. This begs the question on how to protect against cyber attacks. Nation-wide implementation of cyber security should be a main priority, as cyber attacks could potentially wipe out essential information and infrastructure, leaving it at a standstill and having to start from ground zero. Policies must begin to be more stringent in this manner.
Read the article about South Korea here and here.
ICT4D @ Tulane 
Leave a comment