How North Korea’s nuclear aggression masks a deeper threat

09 Oct 2017

By Eric O'Neill, Carbon Black

While the world has been holding its collective breath over North Korea’s highly visible rocket flights and nuclear threats, the rogue nation has been carrying out a stealth campaign that threatens even worse mayhem.

The North Koreans have launched 22 missiles in 15 tests in 2017, and US intelligence sources believe their most recent test detonated a 140-kiloton nuclear device, which the North Koreans claim was a hydrogen bomb.

While US President Donald Trump and North Korean leader Kim Jong Un have been trading threats and insults, the UN secretary-general has condemned the ballistic missile launches as serious violations of UN Security Council resolutions.

Clearly the missile tests are posturing by Kim in an attempt to show dominance to the United States and its allies. They are likely part of a strategy that follows Iran’s playbook: Get close to developing a nuclear weapon and the rest of the world will make a deal.

They are also a major distraction from a much bigger issue. The true risk from North Korea lies in its cyber attack capabilities.

North Korea has invested heavily in cyber attack operations to disrupt its Western enemies. Western intelligence services blamed the 2014 attack against Sony on North Korea’s spy agency, the Reconnaissance General Bureau. North Korea is also believed to be responsible for the cyber heist at Bangladesh’s central bank and the global WannaCry ransomware attack from earlier this year.

Pyongyang’s cyber spies conduct low-cost, high-impact, deniable attacks around the world to harm enemies, disrupt the West and steal money. Financial institutions are a prime target of theft as North Korea bleeds funds to support its nuclear program.

The goal for North Korea’s cyber attack operations, beyond flying under the radar, is a deliberate and organised disrupt-and-attack approach in line with the country’s national strategy. Arguably, the more money and resources North Korea can steal via cyber attacks, the stronger its kinetic military can become.

Despite severe unemployment rates and appalling living conditions for its masses, North Korea invests in, and educates, a portion of its population in science and technology to work for its cyber military agency. Security experts and North Korean defectors have placed the numbers in North Korea’s cyber army in the thousands. Students are often handpicked to join the elite corps.

While all citizens must serve time in the military, those who serve as cyber spies continue to work in a surge capacity when the authoritarian government requires their support. In that respect, North Korea has at its disposal a dedicated and systematically developed cyber army on call.

The most frequent target of North Korea’s cyber attacks is its neighbour, South Korea. As pressure from the West to derail North Korea’s nuclear weapons program increases, Kim is expected to continue to develop cyber attack capabilities in response.

In turn, the United States should develop contingency plans to respond to a direct cyber attack from North Korea.

Most critically, the US should develop an escalation policy that establishes when a cyber attack is considered an act of war. In addition to targeting bank accounts or identity theft, cyber attacks can shut down power transmission, turn off water and prevent aircraft control towers from safely landing planes.

The United States needs to invest heavily in cyber security for critical infrastructure, hardening key control elements across the country and doubling down on protections to financial systems and power grids.

In North Korea and elsewhere, the battleground for future conflicts will be found in both kinetic and cyber-war theatres. As we continue to focus attention on Kim’s nuclear missile posturing, it’s important not to lose sight of North Korea’s cyber attack initiatives, which have successfully disrupted the West in recent years and will continue to do so in the future if we don’t take action.
