N. Korea Is Ready For Global Cyber Conflict

Uploaded on 2017-11-29 in GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW, INTELLIGENCE-Hot Spots-North Korea, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

It’s no secret that North Korea has a cyber army working in the shadows to attack western interests. The cyber-attack against Sony Pictures in 2014 made it clear that the nation had developed its cyber warfare capabilities much more than had been realised until then.

But now it appears that North Korea has set its sights on loftier goals, perhaps spreading chaos and even damage worldwide through a well-placed series of cyber-attacks on defense targets, industry and media.

Now, US-CERT and the Federal Bureau of Investigation have issued a series of warnings intended to provide the necessary information for organisations to prevent or reduce the likelihood of a successful North Korean infiltration. However, it the warning may be too late for some organisation because their networks have been infected by the components of Hidden Cobra, which refers to the collection of malware being used to attack targets in South Korea and elsewhere around the world.

Hidden Cobra is an umbrella operation that launches malware against a wide variety of targets that North Korea is studying, apparently for future action. 

According to Paul Innella, CEO of TDI Security, the goal of the Hidden Cobra operation appears to have changed. He said that North Korea has moved from running ransomware operations to something more sinister, information gathering.
“A lot of it is polling information on network infrastructure data,” Innella explained. “They’re trying to map out what we have.” He said that this operation already resulted in a breach that compromised planning between the military of South Korea and the United States.

Innella said that there’s been discussion recently about recent failures of North Korean rocket launches and whether those failures occurred as a result of cyber-attacks by the west. He said that it appears that the North Korean effort to map out the infrastructure of organisations in the West is a precursor to cyber-war.

Initially the attacks are likely to be against the military or launch systems, Innella said. But the plans of the North Koreans apparently go beyond that. The warnings from the Department of Homeland Security through US-CERT and the FBI indicate that there are also plans to attack the financial sector, aerospace and telecommunications using its FallChill malware, which is part of Hidden Cobra.

FallChill is a remote administration tool that evades detection by encrypting its communications traffic using TLS (transport layer security). The malware is able to use its remote administration capabilities to map out a network and then to report what it finds. The idea is that once FallChill has mapped out the networks (including the defenses) North Korea will know what and where to attack for best effect.

Fortunately, there is something that can be done about Hidden Cobra and its components. Innella pointed out that while North Korea and its cyber forces are persistent, they’re not unbeatable. 
“On the scale of global cyber warfare, I wouldn’t say they’re the most impressive adversary,” Innella said. He added that they’re not the equal of China or Russia in terms of their ability to wage cyber-war.
While Innella said that North Korea is a very big cyber-threat, most CISOs should be able to prevent them from exploiting their networks.
“There’s nothing significantly different about their attacks,” Innella said. “Any robust defense program is going to have some level of threat awareness. Your CISO you would have already seen the CERT notice and made the changes.”
The recommendations by US-CERT provides enough information to enable your network security team to perform the necessary white listing, and should also be able to see from their routers and firewalls whether any traffic from FallChill or its Trojan companion, Volgmer, has passed in or out of your network. 

The alerts include the IP addresses that the malware uses for reporting and for command and control, enabling your IT security specialists to block those addresses.

The US-CERT note also makes specific recommendations that are important for keeping the North Korean malware at bay. 
They include application whitelisting, so that you can prevent anything from running on your servers except specific software, keeping operating systems up to date, keeping your antivirus and anti-malware software up to date and by restricting permissions to the level that is required for people to do their jobs and nothing more.
In addition, the recommendations include making sure your staff knows not to click on unknown links and not to go to suspicious websites. Innella said that most of the infections he’s seeing started with visits to dubious sites where a user did something dumb, such as clicking on a link that downloaded malware.

US-CERT also urged organisation to train all staff to recognise and avoid email scams. 

Good system hygiene is critical, and most of the steps for avoiding it are the same whether the threat is from North Korea or a cyber-criminal trying to get rich on ransomware. The US-CERT note also makes specific recommendations that are important for keeping the North Korean malware at bay. They include application whitelisting, so that you can prevent anything from running on your servers except specific software, keeping operating systems up to date, keeping your antivirus and anti-malware software up to date and by restricting permissions to the level that is required for people to do their jobs and nothing more.

In addition, the recommendations include making sure your staff knows not to click on unknown links and not to go to suspicious websites. Innella said that most of the infections he’s seeing started with visits to dubious sites where a user did something dumb, such as clicking on a link that downloaded malware. 

US-CERT also urged organisation to train all staff to recognise and avoid email scams, and that you not enable to macros in email software. Perhaps the thought of Kim Jung  Un leafing through your intellectual property files is enough to drive home the idea. You know the things you have to do to be safe, but for them to work, you have to actually do them.

Ein News

You Might Also Read:

US Data Systems Under Attack:

Microsoft Chief Says N. Korea Was Behind 'WannaCry:

 

« Startups Are Changing The Future Of Cybersecurity
Apple Must Fix Its Embarrassing Password Bug »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Global Knowledge Training

Global Knowledge Training

Global Knowledge is a worldwide leader in IT and business training, featuring Cisco, Microsoft, VMware, IBM, security, cloud computing, and project management.

Cipher Tooth

Cipher Tooth

CipherTooth is a superior system for delivering secure content over the Internet.

Internet Storm Center (ISC)

Internet Storm Center (ISC)

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with ISPs to fight back against the most malicious attackers.

Thinkst Applied Research

Thinkst Applied Research

Thinkst is an Applied Research company with a deep focus on information security.

Sistem Integra (SISB)

Sistem Integra (SISB)

SISB provide IT Security Infrastructure & Development, Mechanical & Electrical Services, Fire Safety & Detection Services, Facilities Management & Application Development.

Utility Cyber Security Forum

Utility Cyber Security Forum

The Utility Cyber Security Forum offers a focused venue in which utility executives can network one-on-one with colleagues facing issues in protecting against cyber attacks.

Singular Security

Singular Security

Singular Security help public and private organizations minimize cybersecurity risk and pass their IT compliance audit.

BOXX Insurance

BOXX Insurance

BOXX Insurance Inc. is a new type of insurance company for a new type of risk. Cyberboxx is the first fully-integrated cybersecurity and insurance solution for small-to-medium-sized businesses.

Cyber Resilience Centre for Wales (WCRC)

Cyber Resilience Centre for Wales (WCRC)

The Cyber Resilience Centre for Wales (WCRC) is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.

Ward Solutions

Ward Solutions

Ward Solutions are an information security consultancy and managed services company. We help organisations protect their brand, people, assets, intellectual property and profits.

Insight Enterprises

Insight Enterprises

Insight is a leading solutions integrator, helping you navigate today’s ever-changing business environment with teams of technical experts and decades of industry experience.

ImagineX Consulting

ImagineX Consulting

ImagineX Consulting is a cybersecurity-focused boutique technology consultancy whose mission is to help our clients #BeBetter by reducing their corporate risk.

Oxylabs

Oxylabs

Oxylabs is the largest datacenter proxy pool in the market, with over 2 million proxies. Designed for high-traffic, fast web data gathering while ensuring superior performance.

Manifest

Manifest

Manifest is a cybersecurity company dedicated to helping enterprises secure their software supply chains.

Scribe Security

Scribe Security

Scribe security provides end-to-end software supply chain security solutions.

Actfore

Actfore

Actfore offers advanced AI/ML-powered data mining solutions to swiftly detect and uncover sensitive information compromised in cyber breaches.