A few months ago North Korea was accused of being behind a worldwide cyber attack that targeted hospitals, large firms, and banks. The North Korean hacking group known as Lazarus was blamed for a string of hacks dating back to at least 2009, including an $81 million heist from Bangladesh’s central bank, the 2014 hack of Sony Pictures Entertainment that crippled its network for weeks, and a long-running campaign against organizations in South Korea. This attack was reported on in a previous article here at OpsLens.
The North Korean government has denied the allegations that it was involved in the hacks, but officials in Washington and Seoul as well as a number of security firms all agree North Korea was the source.
Poland’s biggest bank lobbying group, ZBP, said in February that the sector was targeted in a cyber-attack but did not provide further details. Government authorities declined to comment on the incident.
The malware used in that attack was programmed only to infect visitors whose IP address showed they were from 104 specific organizations in 31 countries, according to Symantec. The largest number were in Poland, followed by the United States, Mexico, Brazil, and Chile.
Now, as tensions mount between North Korea and much of the rest of the world, there is renewed fear that North Korea may again launch a cyber-attack targeting worldwide financial networks.
Globally, banks are preparing to defend themselves against North Korea. The isolated country has conducted a years-long hacking spree, seeking to cripple financial networks as Pyongyang weighs the threat of U.S. military action over its nuclear program, cybersecurity experts said.
North Korea has stolen a huge amount of funds from banks during the past three years, including in the 2016 attack on the Bangladesh Bank mentioned above, according to Dmitri Alperovitch, chief technology officer at cybersecurity firm CrowdStrike.
Alperovitch told the Reuters Cyber Security Summit that banks were concerned Pyongyang’s hackers may become more destructive by using the same type of “wiper” viruses they deployed across South Korea and at Sony Corp’s Hollywood studio.
North Korean hackers could leverage knowledge about financial networks gathered during cyber heists to disrupt bank operations, according to Alperovitch, who said his firm has conducted “war game” exercises for several banks.
The difference between theft and destruction is often a few keystrokes
Security teams at major U.S. banks have shared information on the North Korean cyber threat in recent months, said a second cybersecurity expert familiar with those talks. “We know they attacked South Korean banks,” said the source, who added that fears have grown that banks in the United States are next.
“This represents a significant escalation of the threat,” said Dan Guido, chief executive of Trail of Bits, which does consulting for banks and the U.S. government.
With the continued missile launches and North Korean nuclear tests, tensions between Washington and North Korean leader Kim Jong Un are running extremely high.
John Carlin, a former U.S. assistant attorney general and currently chair of the global risk and crisis management team at international law firm Morrison & Foerster, told the Reuters summit that other firms, among them defense contractors, retailers, and social media companies, were also concerned. “They are thinking, are we going to see an escalation in attacks from North Korea?”
Jim Lewis, a cyber expert with Washington’s Center for Strategic and International Studies, said it is unlikely that North Korea would launch destructive attacks on American banks. He says the fear of U.S. retaliation would most likely dissuade North Korea from going directly after U.S. banks.
Regardless, representatives of the U.S. Federal Reserve and the Office of the Comptroller of the Currency, the top U.S. banking regulators, would not say what measures are being taken, but both have acknowledged ramping up cybersecurity oversight.
With North Korea repeatedly stating that it is in a state of war with the U.S., it is not hard to imagine that this may be part of its battle plan to strike first through cyber warfare.