ALBUQUERQUE: This week, the Cybersecurity and Infrastructure Security Agency, the part of DHS tasked with protecting critical infrastructure, issued a warning that a North Korean hacking outfit is actively seeking to attack think tanks, experts, and government agencies.
The alert “should raise concern for those simply focused on China or Russia as the core threat to our national security,” says Eric Noonan, CEO of security firm CyberSheath. “There are a number of new nemeses that hope to wrestle the top title away from these formidable cybersecurity foes.”
The alert about North Korea’s Kimsuky group comes just days after alerts about Iranian and Russian efforts, and a few weeks after an alert about potential cyber action from China.
“The US-CERT alert on the North Korean APT group known as Kimsuky is not surprising, coming so soon after a similar alert about APT groups operating out of China. State and state-sponsored attacks have existed for years, but have grown higher profile and less covert over time,” says Saryu Nayyar, CEO of cybersecurity company Gurucul. North Korea “has used cyberattacks as a form of asymmetric warfare for years, and is suspected of being behind a number of high-profile attacks against civilian targets.”
The alert reinforces the notion that, when it comes to infiltrating foreign computers, North Korea boasts an outsized cyber prowess. For companies and contractors building new cybersecurity defenses, it means they have to look at more than just threats from big nations. In the past, North Korea has proven its ability to use botnets, as well as dedicated hacking groups like Kimsuky, to not just steal information, but to harvest currency from foreign coffers.
Right now, warnings like this from CISA plug into a largely voluntary framework. While government agencies can be mandated to follow the recommendations and mitigations, private companies are instead advised to take action for their own benefit.
Many of the techniques used by Kimsuky can be mitigated through simple measures, like adoption of two-factor authentication, reducing the number of people with network administrator access, and training people how to respond to spearphishing attempts. In one instance, Kimsuky hackers impersonated South Korean journalists, and then sent links disguised as meeting invites which, when opened, instead downloaded the Baby Shark malware onto the target’s computer, giving hackers access.
“These attack techniques are not unique, unknown, or sophisticated,” says Noonan. “In many ways, malicious actors are simply preying upon those who struggle to keep their information systems up-to-date and secure, which generally speaking, is most individuals.”
For companies that want to do business with the federal government, the new Cybersecurity Maturity Model Certification could stop them from winning future contracts if their cybersecurity protocols are lacking.
“Organizations should implement a plan to conduct regular reviews of critical and severe email security and compliance alerts,” says Allyn Lynd of cybersecurity firm CriticalStart. “Often organizations install security tools, but do not build in a monitoring program for those tools.” While organizations within and outside the Pentagon are moving to a zero-trust framework, adopting mitigation protocols and regular alert monitoring could serve as a useful stop-gap measure: trust, but verify.