N.Korea's Cyber Threats To S.Korea

Uploaded on 2017-10-05 in INTELLIGENCE-Hot Spots-North Korea, INTELLIGENCE--International, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

US Forces in Korea recently received reports of fake text and social media messages instructing Defense Department civilians to evacuate the Korean Peninsula. US Forces Korea confirmed on its Facebook page that the evacuation alert was false.

The fake message comes during a tense situation on the Korean Peninsula, and around the world, as North Korean leader Kim Jong Un continues to perform nuclear tests and launch ballistic missiles, two of which have been fired over Japan.

There are more than 28,000 American troops stationed in South Korea. This includes 8th Army, 7th Air Force, US Navy Korea, US Marine Corps Forces-Korea and Special Operations Command Korea.

North Korea's threats against the US have brought a heightened sense of awareness around cyber threats, according to current and former government officials, operators of critical industrial systems, and other experts are also talking about N. Korean cryptocurrency theft.

Cyber Threats on US

The UN Security Council recently approved new sanctions against Pyongyang, prompting vows of retaliation, specifically against the US.

Sources said the programs and entities ready to swing into action include Department of Homeland Security coordinating structures and information-sharing programs, the National Cyber Incident Response Plan, an interagency cyber coordinating group established during the Obama administration, and the Cyber Threat Intelligence Integration Center, or CTIIC, among others.

"The systems are in place, but they are not as mature as they should be," said one source with experience in the executive branch and the private sector.'

The CTIIC is probably working a lot of overtime right now," said a former high-ranking administration official who said the center would disseminate information about the North Korean threat "so policymakers have a comprehensive view."

The federal government has "a duty" to get related information, possibly sanitized to meet the recipients' clearance levels, into the hands of infrastructure contacts, the source noted. That information would go out through DHS or law enforcement agencies.

"The communication channels with the private sector are way better than they used to be," the former ranking administration official said.

Some of these programs have faced criticism in the past over the perceived inadequacy of coordination with the private sector, and they could be tested if the North Korea situation escalates.

"The North Korea threat is the most-scary and the most direct," the source with government and private-sector experience said. "If there is a conflict, a lot of it will be fought in cyberspace. This is not a drill, it's real-world."

One source close to a critical-infrastructure group said, "So much time and effort has been invested in bringing cyber policy up to a point where various parties know how important it is. I'd like to believe we'd bring a coordinated response and handle ourselves well in a crisis."

But the source acknowledged that "countless breaches" over the years have put sensitive information about critical infrastructure systems into the hands of "foreign adversaries."

"That is known, and they can steal other information too," the source said. "That's just the reality we're living in. As the clock ticks, it seems like we're getting closer and closer to something happening. That could apply to electricity, gas, water, you name it."

That also raises the issue of deterrence, which is an unsettled topic in cyber policy circles that continues to generate debate. Situations like the standoff with North Korea increase pressure on policymakers to address cyber deterrence more clearly.

"A lot of that is still undefined," the former high-ranking administration official said. "On cyber, there isn't really the same thing as what we show on the traditional military side, where we don't tell the adversary about the specifications of our Aegis destroyers but we let them know they are there. We haven't figured out how to do that on the cyber side."

North Korea stealing E-Currency

Also North Korean state-sponsored actors may be behind campaigns to steal virtual currencies in order to fund the state’s activities, according to speculation from security firm FireEye.

Last year the firm saw evidence that North Korean actors were targeting banks and the global financial system, possibly to fund Pyongyang’s elite.

Since May 2017, the North Korean actors have hit at least three South Korean cryptocurrency exchanges to steal funds, prompting the second wave of the campaign, FireEye researcher Luke McNamara says.

The actors used spearphishing methods to target employees at digital currency agencies. Those methods included tax themes as bait and banking malware linked to other North Korean actors.

“Add to that the ties between North Korean operators and a watering hole compromise of a bitcoin news site in 2016, as well as at least one instance of usage of a surreptitious cryptocurrency miner, and we begin to see a picture of North Korean interest in cryptocurrencies, an asset class in which bitcoin alone has increased over 400% since the beginning of this year,” McNamara says.

He points out that there have been six bursts of activity by North Korean actors against South Korean cryptocurrency targets between April and July.

In April, a suspected attack on four wallets in South Korean cryptocurrency exchange Yapizon may be linked, although there is no clear evidence North Korea was involved.

Four days later, the United States placed higher economic sanctions against North Korea, which may be growing North Korea’s interest in cryptocurrency.

In May, two South Korean exchange targets were hit by spearphishing campaigns. In June, more attacks against cryptocurrency providers were carried out. In July, the third known spearphishing attack against personal accounts was conducted.

According to McNamara, cryptocurrency exchanges make up just part of North Korea’s financial crime. He cites Office 39 as being involved in gold smuggling and creating counterfeit currency.

“If actors compromise an exchange itself (as opposed to an individual account or wallet) they potentially can move cryptocurrencies out of online wallets, swapping them for other, more anonymous cryptocurrencies or send them directly to other wallets on different exchanges to withdraw them in fiat currencies such as South Korean won, US dollars, or Chinese renminbi.”

He also says that because regulations around cryptocurrency are still developing, some countries may have insufficient money laundering laws, making it easier for attackers to mine cryptocurrencies.

McNamara notes that nations are becoming interested in cryptocurrencies, including Russia and Australia.

“Consequently, it should be no surprise that cryptocurrencies, as an emerging asset class, are becoming a target of interest by a regime that operates in many ways like a criminal enterprise.

“While at present North Korea is somewhat distinctive in both their willingness to engage in financial crime and their possession of cyber espionage capabilities, the uniqueness of this combination will likely not last long-term as rising cyber powers may see similar potential. Cyber criminals may no longer be the only nefarious actors in this space,” McNamara concludes.

Military Times:           Washington Examiner:        Security Brief:

You mIght Also Read:

N Korea Targets S Korea’s Bitcoin Exchange:

US Conducts Computer War Games in Response to North Korea Missile Launch:
 

« Bashing Facebook Is Not The Answer To Curbing Russian Influence Operations
China Wants To Use AI To Predict Civil Disorder »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Shavlik Protect

Shavlik Protect

Shavlik Protect is an easy-to-use security software solution that discovers missing patches and deploys them to the entire organization.

CEPS

CEPS

CEPS is a leading think tank and forum for debate on EU affairs, ranking among the top think tanks in Europe. Topic areas include Innovation, Digital economy and Cyber-security.

Infoblox

Infoblox

Infoblox solutions help businesses automate complex network control functions to reduce costs, increase security and maximize uptime.

National Cyber Security Centre (NCSC) - United Kingdom

National Cyber Security Centre (NCSC) - United Kingdom

The NCSC acts as a bridge between industry and government, providing a unified source of advice, guidance and support on cyber security, including the management of cyber security incidents.

CROW - University of Waikato

CROW - University of Waikato

CROW is the first cyber security lab established in a New Zealand educational institution at the University of Waikato.

Morphisec

Morphisec

Morphisec's world leading prevention-first software stops ransomware and other advanced attacks from endpoint to the cloud.

Zanasi & Partners

Zanasi & Partners

Zanasi & Partners is a security research and advisory company active in the EU and MENA areas. Services focus on technology solutions.

Wynyard Group

Wynyard Group

Wynyard Group is a niche, technology-driven company specializing in Integrated Border Security solutions for enhanced public safety.

Secure-IC

Secure-IC

Secure-IC provide end-to-end, best-of-breed security expertise, solutions, and hardware & software technologies, for embedded systems and connected objects.

Blackfoot Cybersecurity

Blackfoot Cybersecurity

At Blackfoot, we work in partnership with you to deliver on-demand cyber security expertise and assurance, keeping you one step ahead of threats & compliant with regulations.

CentricalCyber

CentricalCyber

CentricalCyber is a cyber risk consultancy and NIST CSF specialist set up to help business leaders better understand and manage cyber risk.

Lumifi

Lumifi

Lumifi provide end-to-end cybersecurity resilience solutions with a specialty in managed detection and response (MDR) services.

Zyston

Zyston

Zyston's solutions provide end-to-end management of your cybersecurity needs. Our range of services help protect your business where it needs it the most.

Evo Security

Evo Security

Evo Security is an Identity and Access Management company focused exclusively on serving MSPs, MSSPs and their SMB and Mid-Market customers.

Ampcus Cyber

Ampcus Cyber

Ampcus Cyber specialize in providing comprehensive security solutions and services that are tailored to safeguard our clients' networks, infrastructure, and valuable assets.

Cyber Intell Solution (CIS)

Cyber Intell Solution (CIS)

Cyber Intell Solution provide expert consulting, specialized products, and tailored operational services to governmental and corporate industry worldwide.