Kim Jong-un Leaves Tiny Footprints on U.S. Cyberattacks

February 16, 2018


Many security experts agree that North Korean (NK) leader Kim Jong-un has been very busy–not just trading Twitter barbs with Donald Trump either. There have been curious cyberattacks in the U.S. and abroad, leaving tiny cyber footprints in Kim’s shoe size.

The most recent attack installs spyware on mobile devices used by NK defectors and the people alleged to have helped them. The anti-virus firm McAfee backed up this assertion after analyzing files from attacks by the NK-linked SunTeam cybercrime group. Since it’s believed that little happens in NK without Kim knowing about it, well–below are two of their more infamous hacks involving the US. You be the judge.

Some cyber experts feel Kim was behind the far-reaching and notorious hack in 2017 called WannaCry. The ransomware wreaked havoc in over 150 countries. It took captive countless computer systems full of critical data worldwide. Much of the stolen data placed a vice-grip on the healthcare industry in the U.S. and abroad. Incredibly, tools for the ransomware hack were stolen from the National Security Agency and then published worldwide for hackers to see. The group known for the theft, called “Shadow Brokers,” is believed to have ties to Russian intelligence.

Did Kim take advantage of the information for his own use? The goal of WannaCry was clearly financial, with information captors demanding $300-$600 in Bitcoin ransom for each victim. Maybe not considered a dictator's ransom, but multiply that worldwide…estimated damage of $53 billion. It’s speculated that the many sanctions placed on NK over the years have negatively affected their economy, leaving ransomware a practical motive for Kim.

October 2014 saw the NK cyberattack against Sony Pictures. The “Guardians of Peace” hacker group famously jacked countless documents from Sony Pictures. The movie The Interview was on the verge of being released by the studio when the hack happened. The dark comedy took aim at Kim, centering on an assassination plot against the leader.

The stolen documents were used as leverage to prevent the movie release. They allegedly contained highly confidential and compromising information on studio executives. Over the following weeks, large amounts of the stolen data were posted online, exposing Sony Pictures to a public relations nightmare and further cyber vulnerabilities.

Kim insisted he had no prior knowledge of the attack, suggesting loyal hacktivists supporting him and his regime may have been responsible. Time will tell as the tiny footprints continue to be tracked.

Sometimes there is little you can do to protect information. But there are always some ways to lower the risk:

- Back up important data and systems. If ransomware strikes, it will be possible to quickly restore them from a recent backup.

- Limit what information is posted online. Even if all account settings are at the most secure level, all information posted on the Internet should be considered available to the world.

- Implement cybersecurity tools such as firewalls, intrusion prevention and detection devices, and anti-malware and anti-virus software at a minimum. Keep everything up-to-date.

- Train staff and others on cybersecurity essentials such as how to identify a phishing email message and how to limit their exposure on social media. Phishing is still how many attacks succeed, including WannaCry. Social media profiles are a treasure trove of information for W-2 theft and business email compromise (BEC) attacks.

Many attacks don't target a specific group, industry, or organization. So even if yours is small, the size of the organization doesn't matter when the objective is cash. All the attackers want is an opening, and those can be found using many methods. Two big ones are unpatched and outdated systems and phishing. Stay on top of these and you can prevent your organization from getting stepped on by footprints of any size.

© Copyright 2018 Stickley on Security