July 2009 DDoS thoughts

by d.strom, cissp, gsec, gsna on July 8, 2009

Reports are coming out this morning of distributed denial of service attacks coming from North Korea and targeting South Korean government and business web sites. I heard one report which stated that US government sites are also being targeted.

I’ve never really thought USA Today was a bastion of InfoSec news, but they have a report here that gives a basic understanding of what is going on.

It is evident that the information is not complete. Unnamed sources that are “not authorized” to speak are providing sanitized information.

I would expect there to be more information coming out a little at a time.

UPDATE: Information is starting to come out: http://www.google.com/hostednews/ap/article/ALeqM5icTKBW9_fm-oKDzns75BI-ykokSwD999UN580

My plan is to use this as an opportunity and reminder to revisit our plans and procedures in the event any of our computers are a part of a botnet, or in the event our organization becomes a target.

Steps I plan to take specifically for this threat:

  • Work with ISP to make sure that they are filtering DDoS at their routers for traffic that is headed our way.
  • Verify that all of our computers have current antivirus running and that signatures are current.
  • Force an AV scan on all workstations.
  • Force an AV scan on all servers using a secondary AV engine.
  • Monitor in-bound traffic closely and pay attention to alerts.
  • Notify Management of the situation if anything begins to develop.

Sleep tight, y’all.

- Dan
