In the headlines: South Korea’s cyber attacks, DHS networks, Adobe Shockwave Player and more

South Korea has had over 110,000 cyber attacks in the last 5 years

A recently released report has revealed that South Korean government agencies were subject to over 114,000 cyber attacks in the last five years. The report, compiled using data from the National Computing and Information Agency, shows that the departments targeted most frequently were the Ministry of Foreign Affairs and the Ministry of Trade, Industry and Energy. Im Su-kyung, a member of the National Assembly’s Public Administration and Security Committee, who released the report, said: ‘If confidential state information leaks out, the consequences can be immense and more than 100,000 cases of hacking against government facilities have taken place. We must do more to stop the growing number and the growing number of types of cyberattacks.’

Interestingly, fewer than five of these attacks could be pinpointed to a North Korean IP address, even though North Korea would be the obvious target for suspicion. The government did not mention in the report the damage caused by these attacks or any breakdown of how they were technically carried out.

Government watchdog claims Dept of Homeland Security networks are vulnerable

In a report released last week, an inspection of the security systems in place at the DHS has shown that the agency’s own internal networks are vulnerable to attack. As the agency responsible for defending federal networks, the DHS is naturally under an added amount of scrutiny, and while elements of the report showed improvement, there were still some concerns.

Training of staff was highlighted as a weak point, with the report stating ‘Budgetary constraints caused by recent continuing resolutions have limited their ability to provide their personnel with all the cybersecurity training they need.’ This makes recent statements by the agency’s own info security chief a little ironic. He had suggested removing security clearance for those staff who fail a phishing test. If staff are receiving as little cyber security training as the report says DHS’ own staff are, then it wouldn’t be surprising for them to fail any sort of security test.

The report also flagged some internal sites, used by agencies such as the Secret Service, as vulnerable to data breaches. With the DHS due to take on greater cyber security responsibilities thanks to recent legislation, the report brings into question whether the agency is prepared for such additional responsibility. Plans are reportedly in place to address the concerns highlighted by the report.

A decade-long hacking campaign is allegedly linked to Russian government

Last week, security firm F-Secure released a report detailing their investigation into a hacking group dubbed ‘The Dukes’, who they claim have links to the Russian government. The report links the group to a number of attacks within the last seven years against governments and organizations across Asia, Europe and the United States. F-Secure bases the alleged link to the Russian government on the selection of targets and the language used in some of the malware code.

The group reportedly uses a unique malware toolkit to carry out ‘smash and grab’ style attacks. Their methods are described as particularly confident, with no apparent fears of repercussions or being caught, which further points to government links. Targets have included the Ministry of Defense in Georgia and numerous other government agencies and political think tanks. No comment has yet been given by Russia on the allegations.

Adobe Shockwave Player even less secure than Flash

Adobe have just released an update for the Flash browser plugin, fixing nearly two dozen security issues. This should automatically update on user browsers but users are recommended to check if they have Flash installed and make sure it’s up to date by visiting this Adobe page: https://www.adobe.com/software/flash/about/. None of the vulnerabilities patched with the update have yet been exploited in the wild but users are encouraged to update as soon as possible.

Another issue has been raised with Adobe Shockwave Player, which researcher Brian Krebs claims is even less secure than Flash itself. He found that the player uses a Flash bundle which is 15 months behind with updates and urges users to remove the player altogether. He further suggests removing Flash itself and using it only when absolutely necessary.

Firefox bug database is itself vulnerable

Earlier this month, hackers managed to gain access to Mozilla’s own vulnerability database, finding 185 non-public bugs, 53 of which were ‘severe vulnerabilities’. Adding insult to injury, a security company has found how to obtain high level permissions on Bugzilla, the bug tracker used by Mozilla. This database includes details of reported vulnerabilities which are yet to be fixed.

It’s not yet clear whether any of the non-public or Bugzilla-logged bugs have become public or if any new exploits have taken place but no doubt engineers at Mozilla are scrabbling for fixes as we speak.

New attacks on thousands of WordPress sites used to infect visitors

A new WordPress malware campaign dubbed ‘Visitor Tracker’ has claimed more than 5000 victims in the last two weeks. Hijacking vulnerable plugins, the malware is used to redirect visitors to a ‘Nuclear exploit kit’, where browser-based exploits are used to gain access.

To prevent your WordPress application becoming a victim, make sure all plugins are up to date, that the latest WordPress version is being used and check out some of our other WordPress security recommendations.
