Reports are coming out this morning of distributed denial-of-service (DDoS) attacks coming from North Korea and targeting South Korean government and business web sites. I heard one report which stated that US government sites are also being targeted.

I’ve never really thought USA Today was a bastion of InfoSec news, but they have a report here that gives a basic understanding of what is going on.

It is evident that the information is not complete. Unnamed sources that are “not authorized” to speak are providing sanitized information.

I would expect there to be more information coming out a little at a time.

UPDATE: Information is starting to come out: http://www.google.com/hostednews/ap/article/ALeqM5icTKBW9_fm-oKDzns75BI-ykokSwD999UN580

My plan is to use this as an opportunity and reminder to revisit our plans and procedures in the event any of our computers are a part of a botnet, or in the event our organization becomes a target.

Steps I plan to take specifically for this threat:

  • Work with ISP to make sure that they are filtering DDoS at their routers for traffic that is headed our way.
  • Verify that all of our computers have current antivirus running and that signatures are current.
  • Force an AV scan on all workstations.
  • Force an AV scan on all servers using a secondary AV engine.
  • Monitor in-bound traffic closely and pay attention to alerts.
  • Notify Management of the situation if anything begins to develop.

Sleep tight, y’all.

- Dan
