Looming Cyber Threats From Russia & N. Korea

Uploaded on 2018-01-30 in TECHNOLOGY--Hackers, NEWS-News Analysis, INTELLIGENCE-Hot Spots-Russia, INTELLIGENCE-Hot Spots-North Korea, GOVERNMENT-National, FREE TO VIEW

Threat actors from both nations ramped up their activities sharply in 2017, Flashpoint says in its Business Risk Intelligence Decision Report.

Cyberthreat activity from Russia and North Korea ramped up last year in response to several geopolitical factors, while that from China, long a source of problems for US organisations, tapered off a bit, a new business risk intelligence report from Flashpoint shows.

The report provides an assessment of how cyber-criminals and nation-state actors evolved their tactics, techniques, and procedures over the past year and what enterprises can expect from them in the short term. 

This report shows that ransomware continued to be a major driver for profit-motivated attacks and will likely remain that way in 2018 as well. But also emerging as a threat to organisations were geopolitical conflicts spilling over into cyberspace.
Threat activity by state-sponsored actors in North Korea, for instance, ramped up sharply in response to the tightening international sanctions against the country over its controversial nuclear missile program.  "North Korea really does seem to be engaged in a large-scale effort to steal funds to support the regime," says Jon Condra, author of the intelligence report and Flashpoint's director of Asia Pacific Research.

North Korean attacks on crypto-currency exchanges and the SWIFT financial network and the growing use of ransomware attacks by threat actors in the country suggest that the government there is feeling the crunch from the sanctions. 
A lot of the activity stemming from North Korea these days is the sort typically associated with financially motivated cyber-criminals, not nation-state actors. "North Korea is notoriously unpredictable. We see them as a continuing threat to almost any organisation," he says.

The threat from Russia is somewhat different. Recently, threat actors from the country appear to have ramped up cyber espionage and disinformation campaigns aimed at Western governments. 

Russia's suspected meddling in the 2016 US presidential election and the 2017 French elections and the leaking of classified NSA cyberattack tools by the Russian-speaking Shadow Brokers group in 2016 are some examples of likely nation-state sponsored activities from the country. "Russia has embraced cyber espionage and cyber-enabled disinformation as a core component of its international strategy," Condra says.

Moves by the US and European Union to tighten or extend some existing sanctions against Russia could trigger more such cyber threat activity from the country.

Nation-state-sponsored threat actors in Russia have the ability to do catastrophic damage to critical systems and infrastructure resulting in destruction of property and possible loss of life. China, though less active last year, has the same ability, as do the so-called Five Eyes nations: The United States, UK, Canada, Australia, and New Zealand.

Flashpoint has currently pegged North Korea as a Tier 4 threat with the ability to cause moderate damage like temporarily disrupting core business functions and critical assets. But the country's ability to marshal state resources as necessary to meet its objectives makes it a more dangerous player. "North Korea in particular is likely capable of using destructive and highly disruptive attacks in kinetic conflict scenarios to support military objectives," the report said.

In addition to nation-state threats, expect to see more activity from hacktivists, hate groups, and jihadists, according to the security vendor. 

The Turkish Aslan Neferler Tim (ANT) has been one the most active hacktivist outfits since the start of 2017 and has carried out a string of distributed denial-of-service attacks using attack infrastructure based in the US, Austria, and Turkey. 
While its targets are primarily Turkish, ANT has attacked airports, banks, and government organisations in the US, Greece, Denmark, Germany, and several other countries.

The continuing political polarisation in the US has also resulted in a resurgence of cyber activity by hate groups and non-jihadist threat actors. 

Many of them used the Internet, social media platforms, and messaging services such as Discord to disseminate propaganda and to publicise protests such as the deadly Unite the Right rally in Charlottesville last August. Groups like Antifa and the Resist Trump movement, too, used these channels to maintain their visibility among supporters. 

To organisations struggling with daily attacks by common cybercriminals, the danger from sophisticated nation-state foes can sometimes seem remote. But as the report highlights, geopolitical conflicts, hacktivist actions, and other seemingly unrelated developments have been increasingly spilling over into the cyber realm.

The trend has driven growing interest in threat intelligence service among organisations. Many want to build context around their internal telemetry by combining it with external threat data. The use of such services is especially prevalent in large organisations with established security operations centers, says John Pescatore, director of emerging security threats at the SANS Institute. "Mature SoC processes can make good use of threat data. It can help them more quickly adjust filters and shields for protecting against threats" that might still only be developing, Pescatore says.

Dark Reading

You Might Also Read:

Russia Is Providing North Korea With Internet Connectivity:

Poor North Korea Is A Cyber Superpower:

Russia Will Create Its Own Internet:

« Google’s AutoML Offers Machine Learning Models Without Having To Code
US Banks Face A Growing Threat »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CQS (Certified Quality Systems)

CQS (Certified Quality Systems)

CQS is an organisation specialising in ISO assessment and certification, including ISO 27001, along with other management system standards.

Cyber Command

Cyber Command

Our Managed IT service allows clients to offload the management of day-to-day computer, server, and networking support to our team of professionals.

Leadcomm

Leadcomm

Leadcomm is a Brazilian company focused on the distribution and integration of IT systems and security solutions for large companies.

Advisera 27001Academy

Advisera 27001Academy

Advisera is a market leader in providing documentation and online support for the implementation of business standards including ISO 27001, ISO 22301 and EU GDPR.

Carbonite

Carbonite

Carbonite offers all the tools necessary for protecting data from the most common forms of data loss, including ransomware, accidental deletions, hardware failures and natural disasters.

Aristi Labs

Aristi Labs

Aristi Labs provides comprehensive security solutions to help businesses protect data and intellectual property, minimizing downtime and maximizing productivity.

ANSEC IA

ANSEC IA

ANSEC is a consultancy practice providing independent Information Assurance and IT Security focussed services to customers throughout the UK, Ireland and internationally.

3Lines Venture Capital

3Lines Venture Capital

3Lines Venture Capital invests in exceptional founders and startups working on broad disruptive themes of Future of Work, AI enabled enterprises, and Industry 4.0.

Stratus Technologies

Stratus Technologies

Edge Computing solves the inherent challenges of bandwidth, latency, and security at edge locations to enable IIoT devices and data acquisition.

Deeper Network

Deeper Network

Deeper Network represents the world's first decentralized blockchain network for building a truly private, secure and fair Internet.

Ostra Cybersecurity

Ostra Cybersecurity

As a next-generation MSSP, Ostra Cybersecurity combines best-in-class tools, proprietary technology and exceptional talent to deliver Fortune 100-level protection for businesses of all sizes.

Devolutions

Devolutions

Devolutions make best-in-class Privileged Access Management, Password Management, and Remote Connection Management solutions available to ALL organizations — including SMBs.

Onyxia

Onyxia

Onyxia's unique dynamic cybersecurity platform identifies gaps and prioritizes recommendations for proactive cybersecurity strategy, performance, remediation and management.

Interactive

Interactive

Interactive are a leading Australian IT service provider with services in Cloud, Cyber Security, Data Centres, Business Continuity, Hardware Maintenance, Digital Workplace, and Networks.

Arelion

Arelion

Arelion is a leading light in global connectivity and we've been keeping the world connected for nearly three decades.

Camelot Secure

Camelot Secure

Camelot Secure Secure360 platform is a holistic redefinition of what world-class cybersecurity strategies can be. Prepare. Protect. Deploy.