Retaliation Against N Korea For WannaCry

The US and UK may be engaged in cyber offensives against North Korea in retaliation for attacks such as WannaCry, which caused widespread disruption to public services, companies and homes around the world in May 2017.

Neither the UK nor the US government will confirm whether they have already mounted revenge cyber attacks against North Korea. However, a hint that action was already being taken was offered when Facebook said it had recently deleted accounts linked to the Lazarus Group, a hacking entity associated with North Korea that both the US and UK blame for the WannaCry attacks.

A spokesperson for the UK’s National Cyber Security Centre (NCSC), the public face of the surveillance agency GCHQ, said: “Our assessment has been that North Korean actors known as the Lazarus Group were very likely responsible for the WannaCry attack back in May this year.”

Although the White House announced recently that it believed North Korea was behind the attack, the same finding was made by the NCSC in June and announced in the UK in October by the Home Office minister Ben Wallace. 

The US and UK governments went further recently by suggesting it was highly likely the Lazarus Group was backed by the North Korean government. 

The British Foreign Office minister for cyber, Tariq Ahmad, said: “We condemn these actions and commit ourselves to working with all responsible states to combat destructive criminal use of cyberspace. The indiscriminate use of the WannaCry ransomware demonstrates North Korean actors using their cyber programme to circumvent sanctions.” He added: “International law applies online as it does offline. The United Kingdom is determined to identify, pursue and respond to malicious cyber-activity regardless of where it originates, imposing costs on those who wish to attack us in cyberspace. We are committed to strengthening coordinated international efforts to uphold a free, open, peaceful and secure cyberspace.”

The UK Ministry of Defence and GCHQ have a range of options for mounting offensive cyber-attacks that could create disruption in North Korea. 

The defence secretary, Gavin Williamson, told the Evening Standard that Britain would “never hesitate to deal with aggression and threats”.  Two Royal Navy warships are heading to join the US in the region. Williamson said: “North Korea is a massive threat. They are a real danger to this country.”

Tom Bossert, a White House homeland security adviser, said on Tuesday: “Facebook took down accounts and stopped the operational execution of ongoing cyber-attacks and Microsoft acted to patch existing attacks, not just the WannaCry attack initially.”

A Facebook spokesman said the company had deleted accounts associated with Lazarus “to make it harder for them to conduct their activities”. It had also notified individuals in contact with these accounts to suggest they consider enhancing their account security. 

Lazarus is widely believed by security researchers and US officials to have been responsible for the 2014 hack of Sony Pictures Entertainment. The hack destroyed files, leaked corporate communications online and led to the departure of several executives. Facebook said it had acted with Microsoft “and other members of the security community” to disrupt the group’s activities. “Our companies have a history of sharing threat information and working together to protect our users and the web as a whole.”

The US administration has publicly identified North Korea as the biggest threat to the US, mainly because of progress Pyongyang is making in developing a nuclear warhead and ballistic missile system capable of hitting the US mainland. 
The administration signaled it could revise its national strategy to make cyber-attacks a new category that could prompt retaliation with a nuclear strike.

Bossert said those responsible for carrying out cyber-attacks would be held accountable, but he did not mention specific action Washington was considering taking against Pyongyang. 

In spite of warlike rhetoric from Donald Trump, his security advisers are focused mainly on trying to put pressure on China to deal with North Korea. The US hope is that such rhetoric will alarm Beijing sufficiently to press the North Korean leader, Kim Jong-un, to abandon the nuclear weapons programme in favour of negotiations. 

Bossert said the US would “publicly attribute” WannaCry to North Korea. He described the attack as “cowardly, costly and careless”. “We do not make this allegation lightly,” he wrote in an op-ed in the Wall Street Journal. “It is based on evidence. We are not alone with our findings, either. Other governments and private companies agree. The United Kingdom attributes the attack to North Korea, and Microsoft traced the attack to cyber-affiliates of the North Korean government.” Bossert added: “North Korea has acted especially badly, largely unchecked, for more than a decade, and its malicious behaviour is growing more egregious.”

He called on governments and businesses to work together to reduce the risks of cyber-attacks and for harsher punishments for the groups and individuals behind them. “Malicious hackers belong in prison, and totalitarian governments should pay a price for their actions,” he said.

While North Korea is believed to run a sophisticated cyberwarfare operation that has traditionally targeted South Korea, the regime has repeatedly denied it was behind WannaCry. 

WannaCry was notable for being one of the first examples of ransomware that was also a worm, meaning it could move automatically from computer to computer. That enabled its rapid spread throughout the world before it was stopped thanks to the accidental discovery of a “killswitch” hidden in its code.

The malware infected computer systems at NHS hospitals in Britain, forcing thousands of patients to reschedule appointments. FedEx was among the hardest hit of corporate targets, saying it expected a $300m hit to profits as a result of the attack.

Guardian:

You Might Also Read: 

UK To Increase National Cyber Defences:

GCHQ To Create A UK National Firewall:

North Korea, WannaCry, Cyberattacks And Lazarus:
 

« Canada’s Electronic Spies Unleashed
GCHQ Doubles Down On Cyber Weapons »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

PeCERT

PeCERT

PeCERT is the national Computer Emergency Response Team for Peru.

Fortress Group

Fortress Group

Fortress is specialized in confidential and discrete recruitment solutions and temporary staffing in the field of security and risk management.

Neoteric Networks

Neoteric Networks

We deliver a no nonsense procedure to implementing technology. The technology selection process ensures that all customers enjoy an engineered methodology implementing technology.

mPrest

mPrest

mPrest is a global provider of mission-critical monitoring and control solutions for the defense, security, utility and Industrial Internet of Things (IoT) sectors.

BlueFiles

BlueFiles

BlueFiles enables users to send encrypted files securely while maintaining full control over recipients, access periods, downloads, and printing.

Slovak National Accreditation Service (SNAS)

Slovak National Accreditation Service (SNAS)

SNAS is the national accreditation body for Slovakia. The directory of members provides details of organisations offering certification services for ISO 27001.

InnoValor

InnoValor

InnoValor realises value from digital innovation for organisations and government. We provide advisory services and develop innovative software solutions, based on our background in research.

Netacea

Netacea

Netacea provides a revolutionary bot management solution that protects websites, mobile apps and APIs from malicious attacks such as scraping, credential stuffing and account takeover.

NanoVMs

NanoVMs

NanoVMs is the industry's only unikernel platform available today. NanoVMs runs your applications as secure, isolated virtual machines faster than bare metal installs.

Neptune Cyber

Neptune Cyber

Neptune is a cyber security company that works exclusively in the marine sector. Our team combines experts in shipbuilding, maintenance and operations and cyber security testing and design.

Stefanini Group

Stefanini Group

Stefanini is a global IT services company providing a broad range of solutions for digital transformation including automation, cloud, IoT and cybersecurity.

Cyber Security for Europe (CyberSec4Europe)

Cyber Security for Europe (CyberSec4Europe)

CyberSec4Europe is designing, testing and demonstrating potential governance structures for a European Cybersecurity Competence Network.

QuantiCor Security

QuantiCor Security

QuantiCor Security is one of the world’s leading developers and manufacturers of quantum computer resistant security solutions for IT infrastructures and the Internet of Things (IoT).

Techstep

Techstep

Techstep is a complete mobile technology enabler, making positive changes to the world of work; freeing people to work more effectively, securely and sustainably.

Emagine IT

Emagine IT

Emagine IT supports federal agencies and enterprises by leveraging a data-first approach to delivering cutting-edge IT, cybersecurity, and digital transformation services.

Kali Linux

Kali Linux

Kali Linux is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing.