The historic summit between the United States and North Korea may have focused the world's eyes on Singapore this week, but cybersecurity experts were watching the events very differently, amid concern over North Korea's offensive cyber capabilities and warnings that the event would be a magnet for attacks.
Amid reports that US intelligence officials were taking extra measures to protect their communications channels from hacking in the lead-up to the summit, experts warned that North Korea was even less likely to give up hacking than its nuclear weapons, with academics such as Harvard professor Eric Rosenbach among those outlining possible North Korea-driven worst-case cyber scenarios.
Those scenarios have been playing out in fits and starts in recent years, with security analysts regularly warning of growing cybersecurity capabilities and new attacks that seem to have originated from the reclusive state.
This year alone has seen a US-CERT warning about a North Korean Trojan that wipes files and master boot records; warnings last month that the techniques North Korea's 'cyber army' used to hack Sony in 2014 had been updated and redeployed; and the targeting of defectors with malware planted inside the Google Play app store.
"Our findings indicate that the [North Korean] Sun Team is still actively trying to implant spyware on Korean victims' devices," a recent McAfee analysis warned, noting that three Sun Team apps had been discovered and that only around 100 infections had been observed. The spyware, which stayed live on Google Play for around two months on average before being removed, copies sensitive personal information such as photos, contacts and SMS messages and sends it back to the authors.
Security firm FireEye recently claimed that Chinese and Russian hackers were targeting South Korea in the lead-up to the Singapore summit, while researchers at Comodo cited a "startling spike" in malicious activity last September, after US president Donald Trump threatened to "totally destroy" North Korea, in the same vein as the surges that followed other key North Korean provocations during 2017.
A recent Check Point analysis suggested that North Korean hackers had reverse-engineered old Trend Micro antivirus software to produce a homegrown antivirus tool called SiliVaccine with JAKU botnet malware bundled inside it.
Yet not everyone is convinced that every attack pinned on North Korea actually originates there: US security expert Jeremy Samide, for one, has raised alarms about North Korea's use of cryptocurrencies and recently warned in a statement that North Korea "lacks China's and Russia's ability to cause cyber mayhem", suggesting that those two countries "often leave artifacts to make it look like the intrusion came from North Korea".
The growing climate of nation-state attacks has reinvigorated discussion about countries' need both to develop and to share their cybersecurity capabilities. A recent Australian Strategic Policy Institute (ASPI)-Australian Computer Society (ACS) analysis, for one, outlined Australia's offensive cyber capability and warned of a lingering "disconnect between popular perceptions… and the reality of offensive cyber operations".
Having raised its profile on the world cybersecurity stage by levelling hacking accusations at Russia, Australia's government is working to address several key recommendations, and the industry is bracing for a more concerted response to the nation-state hacking threat.