N. Korean Hackers Plan to Devastate UK

Uploaded on 2017-11-21 in INTELLIGENCE--Europe, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW, INTELLIGENCE-Hot Spots-North Korea, JOBS-Careers, TECHNOLOGY--Hackers

Hacking groups linked to North Korea will continue to devastate the UK with major cyberattacks over the next year, former GCHQ director Robert Hannigan has warned.

Referencing WannaCry, a malware outbreak which has been linked to the rogue state, the ex-spy chief said there will be "more collateral damage and more unintended consequences."
"The technical sophistication of the threats is going to get worse, without question," Hannigan said during a recent FT cybersecurity summit in the heart of London. "We'll see more ransomware, we'll see a greater scale of attacks," he added.

WannaCry, a rapidly-spreading form of ransomware, emerged back in May and eventually affected hundreds of thousands of computers in 150 countries.

In the UK, the National Health Service (NHS) was hit in the cyber-assault. It was not specifically targeted, but instead was a victim of what Hannigan branded "collateral damage."

According to data released by the National Audit Office (NAO), nearly 20,000 appointments were disrupted by the incident. An independent audit found "basic IT procedures" could have halted the hack. 

Hannigan voiced concern about the overlap of state and crime in cyberspace. He noted: "The critical thing is that there are players out there now behaving badly enough not really to care.
"Either because they don't have a stake in the international system, or they have a stake but actually, that's a threshold of damage that they can live with in order to deliver whatever effect they want to deliver. And they would expect the rest of the world just to live with that.

"I think we will see more of that - more collateral damage and more unintended consequences."

While attribution will never be 100% concrete, a clandestine unit known as "Lazarus Group" was linked to the WannaCry outbreak by similarities in hacking tools spotted in other incidents.

UK security minister, Ben Wallace, told the BBC in October the government "quite strongly" believed North Korea was responsible for the cyberattack on the healthcare system.
"I obviously can't go into the detail of intelligence, but it is widely believed in the community and across a number of countries that North Korea had taken this role," he said.
Hannigan quit as GCHQ chief in January this year, citing personal reasons. In September, it emerged he had been appointed as cybersecurity advisor to insurance firm Hiscox UK and Ireland. However, his stance on hacking has been echoed by those still working for the government.

In late October, National Cyber Security Centre (NCSC) chief Ciaran Martin warned that he expected a "significant scale attack" on the UK is likely to take place in the coming years.
"WannaCry was really a reasonably sophisticated tool, used rather ineptly," he commented.
"They will learn from that. People always do. They will get better at using those tools, and there are far more sophisticated tools out there, and they will start to use them." 

He added: "If you look at the NHS, nobody would seriously believe that the North Koreans wanted to attack the NHS, and not least because they were never going to pay a ransom."

IBTimes:

You Might Also Read: 

N.Korea Will Target UK Financial Services:

Former Spy Chief Takes Top Cybersecurity Job:

Director's Departure Leaves A Big Hole At GCHQ:

Spying On You In Britain:
 

« When Guns And AI Work Together
Computers Say ‘No’ But AI’s Decisions Must Be Fair & Transparent »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYBER 1

CYBER 1

CYBER 1 provides cyber security solutions to customers wanting to be resilient against new and existing threats.

Cambridge Cybercrime Centre

Cambridge Cybercrime Centre

The Cambridge Cybercrime Centre is a multi-disciplinary initiative combining expertise from the Department of Computer Science and Technology, Institute of Criminology and Faculty of Law.

ProSearch Partners

ProSearch Partners

ProSearch Partners are national talent acquisition specialists exclusively focussing on Technology and Digital talent including Cybersecurity, Data Analytics and Execs.

Avertium

Avertium

Avertium is the managed security and consulting provider that companies turn to when they want more than check-the-box cybersecurity.

SIRP Labs

SIRP Labs

SIRP is a Risk-based Security Orchestration, Automation and Response (SOAR) platform that fuses essential cybersecurity information to enable a unified cyber response.

Action1

Action1

Action1 is a Cloud-based lightweight endpoint security platform that discovers all of your endpoints in seconds and allows you to retrieve live security information from the entire network.

Sixteenth Air Force (Air Forces Cyber) - USA

Sixteenth Air Force (Air Forces Cyber) - USA

Air Forces Cyber provides mission integration of Information Warfare at operational and tactical levels, creating dilemmas for adversaries in competition and, if necessary, future conflicts.

Ross & Baruzzini

Ross & Baruzzini

Ross & Baruzzini delivers integrated technology, consulting, and engineering solutions for safe, sustainable, and resilient facilities.

Single Point of Contact

Single Point of Contact

Single Point of Contact is a Managed IT Services provider that helps businesses to achieve a seamless and secure IT environment.

Total Secure Technology

Total Secure Technology

Total Secure Technology provides trusted Managed IT Security and Managed IT Services for organizations looking to increase their cybersecurity defensive posture.

Enterprise Strategy Group

Enterprise Strategy Group

Enterprise Strategy Group, a division of TechTarget, is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community.

Guardian Angel Cyber

Guardian Angel Cyber

Guardian Angel Cyber, is your trusted ally in safeguarding your digital assets and online presence.

CSIRT-Gnd

CSIRT-Gnd

CSIRT-Gnd provides 24x7 Computer Security Incident Response Services to citizens, companies and government agencies in Grenada.

GetReal Security

GetReal Security

GetReal Security is the world’s leading authority on malicious digital content and deepfake protection.

BreachRx

BreachRx

BreachRx is the first intelligent incident response management platform that provides operational resilience for the entire enterprise.

Steryon

Steryon

Steryon is an innovative Cyber Resilience & Risk Management Platform for Cyber-Physical Systems (CPS), tailored for industrial infrastructures.