Story image

How North Korea’s nuclear aggression masks a deeper threat

09 Oct 2017

By Eric O' Neill, Carbon Black

While the world has been holding its collective breath over North Korea’s highly visible rocket flights and nuclear threats, the rogue nation has been carrying out a stealth campaign that threatens even worse mayhem.

The North Koreans have launched 22 missiles in 15 tests in 2017, and US intelligence sources believe their most recent test detonated a 140-kiloton nuclear device, which the North Koreans claim was a hydrogen bomb.

While US President Donald Trump and North Korean leader Kim Jong Un have been trading threats and insults, the UN secretary-general has condemned the ballistic missile launches as serious violations of UN Security Council resolutions.

Clearly the missile tests are posturing by Kim in an attempt to show dominance to the United States and its allies. They are likely part of a strategy that follows Iran’s playbook: Get close to developing a nuclear weapon and the rest of the world will make a deal.

They are also a major distraction from a much bigger issue. The true risk from North Korea lies in is its cyber attack capabilities.

North Korea has invested heavily in cyber attack operations to disrupt its Western enemies. Western Intelligence services blamed the 2014 attack against Sony on North Korea’s spy agency, the Reconnaissance General Bureau. North Korea is also believed to be responsible for the cyber heist at Bangladesh’s central bank and the global WannaCry ransomware attack from earlier this year.

Pyongyang’s cyber spies conduct low-cost, high-impact, deniable attacks around the world to harm enemies, disrupt the West and steal money. Financial institutions are a prime target of theft as North Korea bleeds funds to support its nuclear program.

The goal for North Korea’s cybe rattack operations, beyond flying under the radar, is a deliberate and organised disrupt-and-attack approach in line with the country’s national strategy. Arguably, the more money and resources North Korea can steal via cyber attacks, the stronger its kinetic military can become.

Despite severe unemployment rates and appalling living conditions for its masses, North Korea invests in, and educates, a portion of its population in science and technology to work for its cyber military agency. Security experts and North Korean defectors have placed the numbers in North Korea’s cyber army in the thousands. Students are often handpicked to join the elite corps.

While all citizens must serve time in the military, those who serve as cyber spies continue to work in a surge capacity when the authoritarian government requires their support. In that respect, North Korea has at its disposal a dedicated and systematically developed cyber army on call.

The target of North Korea’s most frequent target of cyber attacks is its neighbour, South Korea. As pressure from the West to derail North Korea’s nuclear weapons program increases, Kim is expected to continue to develop cyber attack capabilities in response.

In turn, the United States should develop contingency plans to respond to a direct cyber attack from North Korea.

Most critically, the US should develop an escalation policy that establishes when a cyber attack is considered an act of war. In addition to targeting bank accounts or identity theft, cyber attacks can shut down power transmission, turn off water and prevent aircraft control towers from safely landing planes.

The United States needs to invest heavily in cyber security for critical infrastructure, hardening key control elements across the country and doubling down on protections to financial systems and power grids.

In North Korea and elsewhere, the battleground for future conflicts will be found in both kinetic and cyber-war theatres. As we continue to focus attention on Kim’s nuclear missile posturing, it’s important not to lose sight of North Korea’s cyber attack initiatives, which have successfully disrupted the West in recent years and will continue to do so in the future if we don’t take action.

Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.