sb-eu logo
Story image

How North Korea’s nuclear aggression masks a deeper threat

09 Oct 2017

By Eric O' Neill, Carbon Black

While the world has been holding its collective breath over North Korea’s highly visible rocket flights and nuclear threats, the rogue nation has been carrying out a stealth campaign that threatens even worse mayhem.

The North Koreans have launched 22 missiles in 15 tests in 2017, and US intelligence sources believe their most recent test detonated a 140-kiloton nuclear device, which the North Koreans claim was a hydrogen bomb.

While US President Donald Trump and North Korean leader Kim Jong Un have been trading threats and insults, the UN secretary-general has condemned the ballistic missile launches as serious violations of UN Security Council resolutions.

Clearly the missile tests are posturing by Kim in an attempt to show dominance to the United States and its allies. They are likely part of a strategy that follows Iran’s playbook: Get close to developing a nuclear weapon and the rest of the world will make a deal.

They are also a major distraction from a much bigger issue. The true risk from North Korea lies in is its cyber attack capabilities.

North Korea has invested heavily in cyber attack operations to disrupt its Western enemies. Western Intelligence services blamed the 2014 attack against Sony on North Korea’s spy agency, the Reconnaissance General Bureau. North Korea is also believed to be responsible for the cyber heist at Bangladesh’s central bank and the global WannaCry ransomware attack from earlier this year.

Pyongyang’s cyber spies conduct low-cost, high-impact, deniable attacks around the world to harm enemies, disrupt the West and steal money. Financial institutions are a prime target of theft as North Korea bleeds funds to support its nuclear program.

The goal for North Korea’s cybe rattack operations, beyond flying under the radar, is a deliberate and organised disrupt-and-attack approach in line with the country’s national strategy. Arguably, the more money and resources North Korea can steal via cyber attacks, the stronger its kinetic military can become.

Despite severe unemployment rates and appalling living conditions for its masses, North Korea invests in, and educates, a portion of its population in science and technology to work for its cyber military agency. Security experts and North Korean defectors have placed the numbers in North Korea’s cyber army in the thousands. Students are often handpicked to join the elite corps.

While all citizens must serve time in the military, those who serve as cyber spies continue to work in a surge capacity when the authoritarian government requires their support. In that respect, North Korea has at its disposal a dedicated and systematically developed cyber army on call.

The target of North Korea’s most frequent target of cyber attacks is its neighbour, South Korea. As pressure from the West to derail North Korea’s nuclear weapons program increases, Kim is expected to continue to develop cyber attack capabilities in response.

In turn, the United States should develop contingency plans to respond to a direct cyber attack from North Korea.

Most critically, the US should develop an escalation policy that establishes when a cyber attack is considered an act of war. In addition to targeting bank accounts or identity theft, cyber attacks can shut down power transmission, turn off water and prevent aircraft control towers from safely landing planes.

The United States needs to invest heavily in cyber security for critical infrastructure, hardening key control elements across the country and doubling down on protections to financial systems and power grids.

In North Korea and elsewhere, the battleground for future conflicts will be found in both kinetic and cyber-war theatres. As we continue to focus attention on Kim’s nuclear missile posturing, it’s important not to lose sight of North Korea’s cyber attack initiatives, which have successfully disrupted the West in recent years and will continue to do so in the future if we don’t take action.

Story image
Bitglass receives US patent for SAML technology
Bitglass designed its SAML relay to allow a cloud access security broker (CASB) to be inserted into the traffic flow between users and cloud services during the login process.More
Story image
Shlayer malware proves Apple devices aren't as secure as you think
"Apple never talks about malware publicly, and loves to give the impression that its systems are secure. Unfortunately, the opposite has been proven to be the case with great regularity."More
Story image
Proofpoint launches new SMB focused security awareness training
Proofpoint has launched security awareness training for small to medium businesses (SMBs) with the aim of reducing successful phishing attacks and malware infections to almost zero. More
Story image
Research: 61% of companies have suffered an insider attack in last 12 months
It comes as rapid migration to cloud and remote working and BYOD scenarios leave organisations increasingly vulnerable to insider attacks as a result of the upheaval caused by the COVID-19 pandemic.More
Story image
75% of IT execs 'worried' about being targeted in cyber-attack
A new report from ConnectWise has shed light on the widespread concern about cyber-attacks, with 91% of SMB executives considering a move to an MSP if it provided the 'right' solution.More
Story image
Proofpoint and CyberArk extend partnership to further safeguard high-risk users
“Our CyberArk partnership extension provides security teams with increased detection and enhanced adaptive controls to help prevent today’s most severe threats."More