Some national security and cybersecurity experts say cyber attacks, not nuclear weapons, are the biggest threat from North Korea.
Politicians and political journalists cite North Korea’s nuclear weapons program as the priority for President Trump’s second summit with North Korean leader Kim Jong-un in Vietnam this week, but new research suggests the rise of “nation-state linked ransomware” is a more pressing concern that demands immediate action.
Crowdstrike, a cybersecurity firm, releases a global cyber threats report each year, and in the 2018 and 2019 reports described North Korea as a growing threat.
Most damningly, Crowdstrike and the Asian Institute for Policy Studies describe North Korean ransomware attacks as state-sponsored fundraisers for Kim’s regime.
In September 2018, the U.S. charged and sanctioned a North Korean man with the 2014 cyberattack on Sony and the 2017 global WannaCry ransomware attack that crippled the United Kingdom’s National Health Service.
Cyber experts believe his actions may have been authorized by the North Korean state because, as Crowdstrike noted, the attack used “military-grade espionage techniques.”
According to Crowdstrike, “The rapid adoption of these leaked state-sponsored tactics, techniques and procedures (TTPs) is emblematic of one of the most prominent and alarming trends observed in the gathering of [the 2018] report.”
Crowdstrike expects rising tensions between the U.S. and North Korea to precipitate more cyberattacks because it has happened before: in 2017, Falcon Intelligence noticed an uptick in North Korean cyberattacks on U.S. electrical utilities after Trump’s critical remarks about North Korea in his speech to the United Nations.
For its 2018 outlook, Crowdstrike said, “Given the geopolitical tension surrounding the North Korean nuclear program, DPRK-based adversaries are likely to continue malicious cyber activity against entities in South Korea, Japan and the U.S.”
In the 2019 report released Feb. 19, Crowdstrike found consistently high levels of North Korean cyberattacks on U.S. entities, even though Trump seemed to make diplomatic “progress” with Kim at the June 2018 summit in Singapore.
“Neither public disclosure of DPRK-based adversary activity, nor the multiple diplomatic overtures between the DPRK and several countries — including the U.S., China, Russia and South Korea — appear to have decreased the pace of DPRK malicious cyber activity,” Crowdstrike said in the report. “In some cases, diplomatic activity appeared to motivate an increase in DPRK operations. For example, preceding the historic summit between U.S. President Donald Trump and DPRK leader Kim Jong-Un, CrowdStrike Intelligence observed an overall increase in targeted intrusion activity.”
Crowdstrike isn’t the only one making these observations. The Asian Institute for Policy Studies came to similar conclusions in a new report released Feb. 20, titled “The Evolution of North Korean Cyber Threats.”
“North Korea’s cyber army consists of approximately 7,000 hackers, performing a wide range of activities including theft, denial of service (DDoS), espionage and sabotage,” Senior Fellow Chong Woo Kim wrote. “Cyber operations are low-cost and low-risk, allowing North Korea to counter countries which have highly computer-dependent infrastructure, with little fear of retaliation.”
Chong said South Korea is North Korea’s biggest target, and most of North Korea’s attacks seem to be for the purpose of financial gain. Furthermore, not all of the attacks are sophisticated. Sometimes, the victims have poor cybersecurity practices and simply fail to protect themselves.
“[South Korea’s] Ministry of National Defense would not have suffered a serious security breach if it had followed the existing guidelines properly,” Chong wrote. “Along with developing good policies, efforts must also go into raising awareness of cyber security and changing user behavior of government employees to ensure policies stick and are implemented properly.”
Cybercriminals are so adept at covering their tracks that it is difficult for companies or government entities to realize when they’re attacked. Furthermore, health care and government are cybercriminals’ two top targets, and U.S. government entities are woefully unprepared for cyberattacks.
A state-sponsored hacker could attack a government entity and make it look like computer error, or a random power failure. Dozens could have already happened and we don’t know about it, MIT Professor Stuart Madnick, who specializes in information technology, told InsideSources.
Besides awareness, government entities all over the world must improve their cybersecurity measures or else face serious financial and national security damage.
“As the proverb says, ‘A small leak will sink a great ship,’” Chong said.