Looming Cyber Threats From Russia & N. Korea

Uploaded on 2018-01-30 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-Russia, INTELLIGENCE-Hot Spots-North Korea, GOVERNMENT-National, FREE TO VIEW

Threat actors from both nations ramped up their activities sharply in 2017, Flashpoint says in its Business Risk Intelligence Decision Report.

Cyberthreat activity from Russia and North Korea ramped up last year in response to several geopolitical factors, while that from China, long a source of problems for US organisations, tapered off a bit, a new business risk intelligence report from Flashpoint shows.

The report provides an assessment of how cyber-criminals and nation-state actors evolved their tactics, techniques, and procedures over the past year and what enterprises can expect from them in the short term. 

This report shows that ransomware continued to be a major driver for profit-motivated attacks and will likely remain that way in 2018 as well. But also emerging as a threat to organisations were geopolitical conflicts spilling over into cyberspace.
Threat activity by state-sponsored actors in North Korea, for instance, ramped up sharply in response to the tightening international sanctions against the country over its controversial nuclear missile program.  "North Korea really does seem to be engaged in a large-scale effort to steal funds to support the regime," says Jon Condra, author of the intelligence report and Flashpoint's director of Asia Pacific Research.

North Korean attacks on crypto-currency exchanges and the SWIFT financial network and the growing use of ransomware attacks by threat actors in the country suggest that the government there is feeling the crunch from the sanctions. 
A lot of the activity stemming from North Korea these days is the sort typically associated with financially motivated cyber-criminals, not nation-state actors. "North Korea is notoriously unpredictable. We see them as a continuing threat to almost any organisation," he says.

The threat from Russia is somewhat different. Recently, threat actors from the country appear to have ramped up cyber espionage and disinformation campaigns aimed at Western governments. 

Russia's suspected meddling in the 2016 US presidential election and the 2017 French elections and the leaking of classified NSA cyberattack tools by the Russian-speaking Shadow Brokers group in 2016 are some examples of likely nation-state sponsored activities from the country. "Russia has embraced cyber espionage and cyber-enabled disinformation as a core component of its international strategy," Condra says.

Moves by the US and European Union to tighten or extend some existing sanctions against Russia could trigger more such cyber threat activity from the country.

Nation-state-sponsored threat actors in Russia have the ability to do catastrophic damage to critical systems and infrastructure resulting in destruction of property and possible loss of life. China, though less active last year, has the same ability, as do the so-called Five Eyes nations: The United States, UK, Canada, Australia, and New Zealand.

Flashpoint has currently pegged North Korea as a Tier 4 threat with the ability to cause moderate damage like temporarily disrupting core business functions and critical assets. But the country's ability to marshal state resources as necessary to meet its objectives makes it a more dangerous player. "North Korea in particular is likely capable of using destructive and highly disruptive attacks in kinetic conflict scenarios to support military objectives," the report said.

In addition to nation-state threats, expect to see more activity from hacktivists, hate groups, and jihadists, according to the security vendor. 

The Turkish Aslan Neferler Tim (ANT) has been one the most active hacktivist outfits since the start of 2017 and has carried out a string of distributed denial-of-service attacks using attack infrastructure based in the US, Austria, and Turkey. 
While its targets are primarily Turkish, ANT has attacked airports, banks, and government organisations in the US, Greece, Denmark, Germany, and several other countries.

The continuing political polarisation in the US has also resulted in a resurgence of cyber activity by hate groups and non-jihadist threat actors. 

Many of them used the Internet, social media platforms, and messaging services such as Discord to disseminate propaganda and to publicise protests such as the deadly Unite the Right rally in Charlottesville last August. Groups like Antifa and the Resist Trump movement, too, used these channels to maintain their visibility among supporters. 

To organisations struggling with daily attacks by common cybercriminals, the danger from sophisticated nation-state foes can sometimes seem remote. But as the report highlights, geopolitical conflicts, hacktivist actions, and other seemingly unrelated developments have been increasingly spilling over into the cyber realm.

The trend has driven growing interest in threat intelligence service among organisations. Many want to build context around their internal telemetry by combining it with external threat data. The use of such services is especially prevalent in large organisations with established security operations centers, says John Pescatore, director of emerging security threats at the SANS Institute. "Mature SoC processes can make good use of threat data. It can help them more quickly adjust filters and shields for protecting against threats" that might still only be developing, Pescatore says.

Dark Reading

You Might Also Read:

Russia Is Providing North Korea With Internet Connectivity:

Poor North Korea Is A Cyber Superpower:

Russia Will Create Its Own Internet:

« Google’s AutoML Offers Machine Learning Models Without Having To Code
US Banks Face A Growing Threat »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Security Guru

IT Security Guru

IT Security Gurus publish daily breaking news. interviews with the key thinkers in IT security, videos and the top 10 stories as picked by our Editor.

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

NISC was established as a secretariat of the Cybersecurity Strategy Headquarters in collaboration with the public and private sectors to create a "free, fair and secure cyberspace" in Japan.

ThaiCERT

ThaiCERT

ThaiCERT is the national Computer Security Incident Response Team (CSIRT) for Thailand.

Veridify Security

Veridify Security

Veridify Security (formerly SecureRF), develops and licenses quantum-resistant, public-key security tools for the low-resource processors powering the Internet of Things.

Wallix

Wallix

Wallix is a software company offering privileged access management solutions for enterprises, public organizations and cloud service providers

Claroty

Claroty

Claroty was conceived to secure and optimize OT networks that run the world’s most critical infrastructures.

Czech Accreditation Institute

Czech Accreditation Institute

Czech Accreditation Institute is the national accreditation body for the Czech Republic. The directory of members provides details of organisations offering certification services for ISO 27001.

Zerodium

Zerodium

Zerodium is the leading exploit acquisition platform for premium zero-days and advanced cybersecurity research.

Packetlabs

Packetlabs

Packetlabs specializes in penetration testing services and application security.

Stronghold Cyber Security

Stronghold Cyber Security

Stronghold Cyber Security is a consulting company that specializes in NIST 800, the Cybersecurity Framework and the Cybersecurity Maturity Model Certification.

1Touch.io

1Touch.io

1touch.io Inventa is an AI-based, sustainable data discovery and classification platform that provides automated, near real-time discovery, mapping, and cataloging of all sensitive data.

Defimoon

Defimoon

DeFimoon is the International Blockchain Development & Security Agency. We provide professional services and solutions at the highest quality on world-leading chains.

Ofcom

Ofcom

Ofcom is the UK's communications regulator. We regulate the TV, radio and video on demand sectors, fixed line telecoms, mobiles, postal services, plus the airwaves over which wireless devices operate.

LetsData

LetsData

LetsData uses AI to provide governments, intergovernmental organizations, civil society, and businesses with data-empowered decisions on communication in the age of online disinformation.

SITS Group

SITS Group

SITS Group excel in delivering a comprehensive range of Cyber Security consulting and managed services, from cloud transformation to risk management.

Applaudo

Applaudo

Applaudo specializes in helping the world’s most admired brands optimize their IT solutions, reduce delivery costs, and accelerate their digital transformation.