Looming Cyber Threats From Russia & N. Korea

Uploaded on 2018-01-30 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-Russia, INTELLIGENCE-Hot Spots-North Korea, GOVERNMENT-National, FREE TO VIEW

Threat actors from both nations ramped up their activities sharply in 2017, Flashpoint says in its Business Risk Intelligence Decision Report.

Cyberthreat activity from Russia and North Korea ramped up last year in response to several geopolitical factors, while that from China, long a source of problems for US organisations, tapered off a bit, a new business risk intelligence report from Flashpoint shows.

The report provides an assessment of how cyber-criminals and nation-state actors evolved their tactics, techniques, and procedures over the past year and what enterprises can expect from them in the short term. 

This report shows that ransomware continued to be a major driver for profit-motivated attacks and will likely remain that way in 2018 as well. But also emerging as a threat to organisations were geopolitical conflicts spilling over into cyberspace.
Threat activity by state-sponsored actors in North Korea, for instance, ramped up sharply in response to the tightening international sanctions against the country over its controversial nuclear missile program.  "North Korea really does seem to be engaged in a large-scale effort to steal funds to support the regime," says Jon Condra, author of the intelligence report and Flashpoint's director of Asia Pacific Research.

North Korean attacks on crypto-currency exchanges and the SWIFT financial network and the growing use of ransomware attacks by threat actors in the country suggest that the government there is feeling the crunch from the sanctions. 
A lot of the activity stemming from North Korea these days is the sort typically associated with financially motivated cyber-criminals, not nation-state actors. "North Korea is notoriously unpredictable. We see them as a continuing threat to almost any organisation," he says.

The threat from Russia is somewhat different. Recently, threat actors from the country appear to have ramped up cyber espionage and disinformation campaigns aimed at Western governments. 

Russia's suspected meddling in the 2016 US presidential election and the 2017 French elections and the leaking of classified NSA cyberattack tools by the Russian-speaking Shadow Brokers group in 2016 are some examples of likely nation-state sponsored activities from the country. "Russia has embraced cyber espionage and cyber-enabled disinformation as a core component of its international strategy," Condra says.

Moves by the US and European Union to tighten or extend some existing sanctions against Russia could trigger more such cyber threat activity from the country.

Nation-state-sponsored threat actors in Russia have the ability to do catastrophic damage to critical systems and infrastructure resulting in destruction of property and possible loss of life. China, though less active last year, has the same ability, as do the so-called Five Eyes nations: The United States, UK, Canada, Australia, and New Zealand.

Flashpoint has currently pegged North Korea as a Tier 4 threat with the ability to cause moderate damage like temporarily disrupting core business functions and critical assets. But the country's ability to marshal state resources as necessary to meet its objectives makes it a more dangerous player. "North Korea in particular is likely capable of using destructive and highly disruptive attacks in kinetic conflict scenarios to support military objectives," the report said.

In addition to nation-state threats, expect to see more activity from hacktivists, hate groups, and jihadists, according to the security vendor. 

The Turkish Aslan Neferler Tim (ANT) has been one the most active hacktivist outfits since the start of 2017 and has carried out a string of distributed denial-of-service attacks using attack infrastructure based in the US, Austria, and Turkey. 
While its targets are primarily Turkish, ANT has attacked airports, banks, and government organisations in the US, Greece, Denmark, Germany, and several other countries.

The continuing political polarisation in the US has also resulted in a resurgence of cyber activity by hate groups and non-jihadist threat actors. 

Many of them used the Internet, social media platforms, and messaging services such as Discord to disseminate propaganda and to publicise protests such as the deadly Unite the Right rally in Charlottesville last August. Groups like Antifa and the Resist Trump movement, too, used these channels to maintain their visibility among supporters. 

To organisations struggling with daily attacks by common cybercriminals, the danger from sophisticated nation-state foes can sometimes seem remote. But as the report highlights, geopolitical conflicts, hacktivist actions, and other seemingly unrelated developments have been increasingly spilling over into the cyber realm.

The trend has driven growing interest in threat intelligence service among organisations. Many want to build context around their internal telemetry by combining it with external threat data. The use of such services is especially prevalent in large organisations with established security operations centers, says John Pescatore, director of emerging security threats at the SANS Institute. "Mature SoC processes can make good use of threat data. It can help them more quickly adjust filters and shields for protecting against threats" that might still only be developing, Pescatore says.

Dark Reading

You Might Also Read:

Russia Is Providing North Korea With Internet Connectivity:

Poor North Korea Is A Cyber Superpower:

Russia Will Create Its Own Internet:

« Google’s AutoML Offers Machine Learning Models Without Having To Code
US Banks Face A Growing Threat »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

SI-CERT

SI-CERT

SI-CERT (Slovenian Computer Emergency Response Team) is the national cyber scurity incident response center for Slovenia.

Integrity360

Integrity360

Integrity360 provide fully managed IT security services as well as security testing, integration, GRC and incident handling services.

IT2Trust

IT2Trust

IT2Trust is one of Scandinavia’s leading value-added distributors of business-critical IT solutions within IT security and networking.

KLC Consulting

KLC Consulting

KLC Consulting offers information assurance / Security, IT Audit, and Information Technology products and services to government and Fortune 1000 companies.

achelos

achelos

achelos is an independent software development company providing innovative technical solutions for micro-processor chips / security chips and embedded systems in security-critical application fields.

exceet Secure Solutions

exceet Secure Solutions

exceet Secure Solutions is your experienced specialist for Internet of Things (IoT), Heath Telematics, electronic signatures and timestamps and IT security.

Rule4

Rule4

Rule4 is a global professional services firm that provides practical, real-world knowledge and solutions in areas including cybersecurity, AI, Machine Learning and industrial control systems.

Neosecure

Neosecure

NeoSecure is a specialist Cybersecurity Solutions and Managed Services provider in Latin America.

MDSec

MDSec

MDSec is a consultancy with a passion for information security. Our consultants specialise in application, mobile and hardware security and targeted red team attacks.

Incognia

Incognia

Incognia have created a ubiquitous private identity based on location behavior, that enables a personalized frictionless experience with mobile apps and connected devices.

Certo Software

Certo Software

Certo are trusted experts in mobile security. At Certo, mobile security is not an afterthought, it’s what we do.

Park Place Technologies

Park Place Technologies

Park Place Technologies' mission is to drive uptime, performance and value for critical IT infrastructure.

Sweet Security

Sweet Security

Sweet Security delivers Runtime Attack Security for Cloud Workloads.

B2Bcert

B2Bcert

B2BCERT one of the top companies offering ISO 9001, ISO 14001, ISO 45001, ISO 22000, ISO 27001, ISO 20000,CE Marking, HACCP, and other globally accepted standards and Management solutions.

ThreatER

ThreatER

ThreateER (formerly ThreatBlockr / Bandura Cyber) is a cybersecurity platform that provides active network defense by automating the discovery, enforcement, and analysis of cyber threats at scale.

ConvergePoint

ConvergePoint

ConvergePoint is the leading compliance software provider on the Microsoft Office 365 SharePoint platform.