Threat of North Korean Hacking Looms Large After Years of Activity


An outlaw walks in, mask covering their face. Two quick shots in the air, everyone on the ground. A scared receptionist makes their way to the back of the bank. The vault is unsealed, cash is handed over and the assailant flees. 

This is no longer how a bank is robbed. Instead of wearing a mask and strutting in, the modern bandit sits hunched in front of their computer; the shots in the air are simply pings indicating a data breach. The outlaw is not some lone cyber gunslinger, but rather a member of a rogue state with the protection and backing of an entire nation’s military.

An August report jointly published by four different federal agencies, including the Treasury Department and FBI, states that North Korean hackers are again targeting global banks, hoping to make fraudulent money transfers and to cause ATMs to spit out cash, in an effort US agencies are dubbing “Fast Cash”.

The report, which alleges that North Korean hackers are gaining access to accounts and ATM information through phishing campaigns alongside other more direct hacking efforts, comes amidst an ongoing rise in North Korean hacking activity that has seen the country target corporations and consumers alike. Though North Korea is not the only nation whose state-sponsored hacking has gone beyond governmental conflict, its efforts are among the most prolific. Due to the protection afforded to its hackers, its infrastructural capabilities and the scope of its actions, North Korean hacking should be on the mind of corporations now more than ever.

North Korean hacking became a globally recognized phenomenon in the wake of the infamous ‘WannaCry’ ransomware attack, along with the almost unbelievable 80 million dollar heist from banks in Bangladesh. The 80 million dollars the North Korean government managed to steal from Bangladeshi banks is both a feat of hacking achievement and an incredible disappointment for North Korea.

The hack did not target the bank itself, but instead targeted the machine through which the Bangladeshi central bank connects to SWIFT accounts. While simultaneously causing a system outage, the North Korean hackers initiated a series of transfers to mule accounts totaling 850 million dollars. The transfers were only shut down due to the New York Fed’s suspicion of the amount of transfers coming from Bangladesh and the fact that many of those designed to go to a Sri Lankan mule were obviously misspelled.

The typos, which solidified suspicions, may be the most costly typos ever committed, and were a lucky break for Bangladeshi investors. Despite this error, the attack, which took advantage of both Bangladeshi and US scheduling practices and demonstrated an intimate knowledge of the Bangladeshi Central Bank’s interconnected systems, indicates either incredible luck or incredible skill. Even still, the incident is now small in comparison to recent North Korean activity, with a July report suggesting that the rogue state has secured over 2 billion dollars in funding from targeting banks.

Though similarly infamous, the ‘WannaCry’ attack has also been dwarfed by recent activity. The attack, which saw ransomware lock down the files of over 300,000 computers, pales in comparison to this summer’s phishing scam, which targeted over 5 million individuals. While a phishing scam and a ransomware attack do not make for an apples to apples comparison, phishing attacks can cause users to download malicious software, enabling future ransomware attacks. Given that WannaCry resurfaced in 2018 and that multiple North Korean phishing campaigns have been alleged over the summer, another ransomware attack may be on the horizon.

As corporations deal with the increasing cyber challenges caused by working remotely and the new COVID normal, the actions of North Korea should be of extreme concern. The phishing scam and the imminent bank threats are just what the public has been informed of; it is possible other hacks committed by the state have gone undetected or unreported.

Previous attack patterns used by North Korea have also proven effective during the crisis. Reports from the FBI, Microsoft and MonsterCloud suggest that while cyber crime generally has gone up during the pandemic, instances of phishing scams and ransomware have gone up 400% and 800%, respectively. State-sponsored hacking also seems to be on the rise, with Russian-backed hacking group Dancing Bear using a combination of ransom attacks and denial of service attacks to shut down the New Zealand Stock Exchange (NZX). As these attacks grow more common, and with no likely hope of recourse against the criminals, consumer confidence in cyber technologies may decline.

North Korea has also dabbled in more traditional government hacking during the pandemic. The Israeli government reported that it thwarted a hack on its defense industry by North Korean hackers. It is unclear what the motive behind the attack was, but some analysts suspect that North Korea was acting on behalf of Iran, which alleges that Israeli hacking caused a fire at an Iranian nuclear site. Concerningly, analysts at cyber security firm ClearSky have cast doubt on Israeli claims of a successful defense.

Even when corporations are not caught in the crossfire of North Korea’s actions, successful North Korean hacks have the potential to damage consumer trust in corporations, financial systems, or governments as a whole. Global governments appear to be transparent when dealing with North Korean hacks, quickly assigning blame to the rogue state while warning corporations in advance if efforts are known, as was the case with the current “Fast Cash” effort and the COVID phishing campaign.

Even still, corporations need to act beyond this information and assume a constant possibility of threat. North Korean attack patterns are sophisticated but somewhat consistent. Corporations can better prepare themselves with cyber security training that targets both phishing campaigns and ransomware attacks, ensuring that employees know both how to avoid such attacks and how to react properly if they become victims of them.