United Nations Investigating N Korean Cyber Attacks

The United Nations is now investigating 30 North Korean cyber-attacks against 17 different countries. North Koreans the UN says is using cyber-attacks to raise money for weapons of mass destruction programmes. Now the UN is calling for sanctions against ships providing petrol and diesel on route to N. Korea.

Recently, The Associated Press quoted a report from the cyber security specialist firm FireEye which said that North Korea stole as much as US $2.77 billion using cyber-attacks on banks and finance organisations. 

The Report suggest that S. Korea was the hit hardest by ten attacks, India had three, Bangladesh and Chile were hit by three attacks and another 13 countries were hit at least once Costa Rica, Gambia, Guatemala, Kuwait, Liberia, Malaysia, Malta, Nigeria, Poland, Slovenia, South Africa, Tunisia and Vietnam.

The Report says there are three main ways that North Korean hackers operate:

  • Attacks through the Society for Worldwide Interbank Financial Telecommunication or Swift system used to transfer money between banks, "with bank employee computers and infrastructure accessed to send fraudulent messages and destroy evidence".
  • Theft of crypto-currency "through attacks on both exchanges and users".
  • "Mining" of crypto-currency as a source of funds for a professional branch of the military".
  • The FireEye experts say that these increasingly sophisticated attacks "is low risk and high yield", often requiring just a laptop computer and access to the Internet.

The report to the UN Security Council provides details on some of the North Korean cyber-attacks as well as the country's successful efforts to evade sanctions on coal exports in addition to imports of refined petroleum products and luxury items including Mercedes-Benz S-600 cars.

One Mercedes Maybach S-Class limousine and other S-600s, as well as a Toyota Land Cruiser, were transferred from North Korea to Vietnam for last February's summit between North Korean leader Kim Jong Un and US President Donald Trump. 
The panel recommended sanctions against six North Korean vessels for evading sanctions and illegally carrying out ship-to-ship transfers of refined petroleum products. 

Under UN sanctions, North Korea is limited to importing 500,000 barrels of such products annually including petrol and diesel. The United States and 25 other countries said North Korea exceeded the limit in the first four months of this year.

The panel also recommended sanctions against the captain, owner and parent company of the North Korean-flagged Wise Honest, which was detained by Indonesia in April last year with an illegal shipment of coal.

The experts said North Korean cyber actors have been targeting crypto-currency exchanges in South Korea, some repeatedly.

Straits Times

You Might Also Read: 

Surge Of Attacks On Banking & Finance Using N Korean Tools:


 

« Webinar: How to Build a Threat Detection Strategy in AWS
Airlines Think Biometrics Will Improve Passengers' Experience »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Infoblox

Infoblox

Infoblox solutions help businesses automate complex network control functions to reduce costs, increase security and maximize uptime.

CDNetworks

CDNetworks

CDNetworks is a global content delivery network with a fully integrated cloud security solution, offering unparalleled speed, security and reliability for the almost instant delivery of web content.

Seclab

Seclab

Seclab is an innovative player in the protection of industrial systems and critical infrastructure against sophisticated cyber attacks.

Veriato

Veriato

Veriato develops intelligent solutions that provide companies with visibility into the human behaviors and activities occurring within their network, making them more secure and productive.

SCADAfence

SCADAfence

SCADAfence offers cutting edge cybersecurity solutions designed to ensure the operational continuity of industrial (ICS/SCADA) networks.

Block Armour

Block Armour

Block Armour is a Mumbai and Singapore based venture focused on harnessing emerging technologies to counter growing Cybersecurity challenges in bold new ways.

Xperien

Xperien

Xperien is a leading South African Information Technology Asset Disposition (ITAD) company.

Asia Data Destruction (ADD)

Asia Data Destruction (ADD)

ADD is the leading IT Assets Disposal and Data Destruction Company in Thailand.

Terralogic

Terralogic

Terralogic is a software and IT services company, an expert in IoT, Cloud, DevOps, App development and Cybersecurity.

Binare

Binare

Binare empowers companies all over the world to improve their IIot/IoT /Embedded cybersecurity posture and digital privacy.

Plerion

Plerion

Plerion is an all-in-one Cloud Security Platform that supports workloads across AWS, Azure, and GCP delivering cloud security posture management, workload security, data security and more.

Hushmesh

Hushmesh

Hushmesh is a start-up aimed at securing the world’s digital infrastructure by developing develop the Mesh, a global information space with automated security built in.

SydeLabs

SydeLabs

At SydeLabs, our mission is to ensure the comprehensive security of your AI systems.

Backslash Security

Backslash Security

With Backslash, AppSec teams gain visibility into critical risks in their apps based on reachability and exploitability.

Atumcell

Atumcell

Atumcell’s targeted risk assessment exposes emerging threats before they cause harm.

BUI

BUI

BUI is a global technology consultancy and Cloud Solution Provider specialising in cloud, security, and networking solutions for mid-market and enterprise-level business across the world.