Just last month, the world was rocked by one of the largest cryptocurrency heists in history. Coincheck, Japan’s largest cryptocurrency exchange, reported that hackers stole the digital equivalent of $530 million. Even previously massive cryptocurrency thefts, like the one at NiceHash in December, pale in comparison to this one.
Adding a new and concerning layer to this crime, South Korean intelligence agencies stated that there is a possibility the theft was conducted at the behest of North Korea’s authoritarian regime. Although at time of writing no direct evidence has linked the pariah state to the attack, the South Korean suspicions are perhaps not unfounded. They are certainly not exclusive; the U.S. government publicly accused North Korea of being behind the WannaCry ransomware epidemic that affected 150 countries last year. Endpoint security vendor FireEye connected North Korea to three separate bitcoin heists in South Korea in 2017 alone.
Why should any of this concern your enterprise? Because this accusation carries with it the implication that North Korea’s hacking efforts are continuing to increase in both ambition and success. It suggests that hackers working on behalf of nation-states, about whom cybersecurity analysts have expressed grave concerns, are more than a black market service; instead, they will be a fundamental part of future intelligence and military outfits. Without proper preparation, every enterprise is at risk from this evolving species of threat actor.
Here’s 3 things to keep in mind about the North Korean hacking crimewave:
Nation-State Hackers Will Not Just Target Other Nation-States
North Korea’s digital criminals are really more of a division of its armed forces. The country has a dedicated corps of 6,000 hackers trained in specially designed military schools, with their own chains of command via a government oversight bureau.
But this is not an army mobilized to fight against another army in the digital battle field. This is an army recruited in part to obtain funds for the heavily-sanctioned state, whose economy is extremely brittle. That they therefore target cryptocurrency exchanges makes sense, as they are largely unregulated, anonymous, and can be converted to hard currency on a whim.
However, North Korea’s digital interests are far from singularly financial; some attacks are intended only to cause chaos. The WannaCry ransomware didn’t turn a profit but brought the British National Health Services to their knees for a brief moment. In 2014 hackers leaked documents from Sony Pictures Entertainment to disrupt the release of The Interview, a film mocking North Korean dictator Kim Jung-un. A British television network was hacked for airing a drama on North Korean governmental abuses. There have been allegations of attempted hacks on utility companies, rail systems, and most recently via the zero-day exploit on Adobe Flash Player.
The big takeaway here is that nation-state hackers will target anyone and everyone they believe to be a viable target—whether for their personal financial gain, to throw their enemies’ everyday lives into disorder, or to silence criticism half a world away. If your enterprise falls on their radar, you might be next. Even if you only utilize larger organizations as vendors or are a vendor to those enterprises, there is still the potential for you to be caught in the blast…or the infection vector. No enterprise, regardless of industry, is safe from this new kind of warfare.
To quote Chris Murphy: “Cyber warfare has no innocents; only collateral damage. Nations don’t just attack each other. They attack business processes, financial assets, trade secrets, etc. The current cyber war is being conducted using state-of-the-art technology to attack a security model that hasn’t evolved since the introduction of security on the Internet.”
Governments Are Relatively Powerless to Stop Nation-State Hackers
To indulge in some political science jargon for a moment, a nation-state at its absolute core is successful if the government can enforce its will inside its claimed borders. However, this definition only pertains to the physical borders, at least in its classic understanding. Digital borders have proven far more porous and difficult to enforce.
All of the accusations against North Korea have remained in the realm of unproven allegations, at least to the public’s knowledge. None of them have translated into direct governmental or international action against the country. This is in part because hacking is so anonymized a process that finding the definitive proof that a specific nation-state was behind this or that attack can be the metaphorical needle-in-a-haystack; many of North Korea’s hackers conduct their attacks outside the country and with their own modular programs, making tracing futile.
Furthermore, digital retaliation is out of the question. The North Korean infrastructure is so primitive it renders any such attempt worthless. The country is already economically sanctioned, which means adding more would be a meaningless exercise. And no country is willing to risk a physical confrontation over a digital allegation. This leaves us in a world where nation-state hackers can do massive damage with almost no resistance on the global stage.
This means your enterprise must face this coordinated, well-funded, and highly trained group of threat actors virtually alone. Your cybersecurity defense falls squarely on your shoulders—the government can’t shoulder it themselves—and therefore it needs to be taken seriously.
The Japanese government claims it asked Coincheck to improve their digital security before the attack, but the exchange took no action and suffered the consequences. Don’t make the same mistake: work with a solution provider to fortify your network, support your cybersecurity team’s efforts to monitor for malicious activity, and have an incident response plan in place for when the worst happens. With the right preparation you can deter and mitigate attacks and save your company millions.
It’s More than North Korean Hackers
We’ve been talking about North Korea because they are currently the (allegedly) most visible nation-state utilizing threat actors for their own gain, but they are far from the only one to do so. We all know about Russia’s interference with the U.S. and French elections. Recent reports suggest Chinese intelligence is using fake LinkedIn profiles to glean corporate information. This is the new face of international conflict; not a physical war but the same ill intent and with no regard for the distinction between civilian and soldier.
Your enterprise’s data might be a valuable target for an enemy strapped for cash, or who thinks that stealing it might cause general mayhem. You need to be prepared for the reality that the local bedroom hacker may not be the face of digital threats for much longer. A more professional and more motivated visage may be peering back at you from the other side of the screen.
- More Expert Commentary and Coverage of the GetHealth Exposure - September 14, 2021
- GetHealth Platform Misconfiguration Exposes 61 Million Fitness-Tracking Records - September 13, 2021
- Panther Labs Releases State of SIEM 2021 Report - September 13, 2021