
Why the North Korean cyber threat shouldn't be ignored

Tomorrow, at the luxurious Capella Hotel on Sentosa, off the southern coast of Singapore, two of the world’s most divisive leaders will meet in a historic summit. You might have heard about it. But while most of the discussion has been around Trump’s insistence that North Korea “de-nuke”, what about the DPRK’s cyber program?

How has North Korea become such a cyber threat?

The Korean peninsula (including South Korea) has risen to be “one of the top three geographies hosting DDoS botnet command and control services and being the originator of DDoS attacks worldwide,” according to Carl Herberger, Radware’s vice president of security solutions. The country’s cyber program goes back to the 80s/90s, and cyber actors are reportedly trained from a young age. Threat intelligence and research firm Flashpoint has analyzed publicly released North Korean educational textbooks. They revealed that programming is introduced in secondary school, with more advanced topics and information security principles being taught in tertiary programs. Javier Velazquez, threat intelligence analyst at EclecticIQ, explains that the education system is specifically designed to prepare top students for entry into specialized universities in the North Korean capital, Pyongyang.

For a long time, their priorities were very local, which allowed North Korean cyber actors to experiment and improve their skills without attracting too much attention from major cybersecurity companies. “It wasn't until Sony that the majority of the industry really started tracking the threat. By then, they had overcome most of the amateur mistakes,” says Ross Rustici, senior director of intelligence services at security specialist Cybereason.

The state-sponsored hacking program is highly advanced and covers three main areas: intelligence operations, destructive campaigns, and currency generation. “Their intelligence units are the best both in terms of operational security and the techniques they use,” says Rustici. The destructive group is the most well-known of the three, Rustici explains, being responsible for the attack against Sony and, the year before that, the media and banking attack in South Korea. “This group is good enough to get the job done but not overly advanced.” The final group is the most prolific and is responsible for generating money for the regime. Dabbling in “just about anything that can make money online”, the vast majority of these groups work outside of North Korea and are “well-resourced and thought out to have it achieve multiple aims”.

Kate Hoy

Kate Hoy is Editor of IDG Connect
