
Nork hackers no pantomime villains, but a hugely unpredictable menace

Modest resources, but can launch debilitating attacks

Nation state V US company

"We routinely see attacks of 10-20Gbps against our commercial clients, with those of 100Gbps no longer uncommon," said Ofer Gayer, a security researcher at DDoS mitigation firm Incapsula. "Even if North Korea had ten times its publicly reported bandwidth, bringing down its connection to the net would not be difficult from a resource or technical standpoint."

Attribution of the Sony Pictures hack to North Korea may have taken the general public by surprise, but security intelligence firms have been tracking the mendacious activities of the North Koreans for some time.

For example, South Korean banking and TV station networks were hit by wiper malware in March 2013 during the so-called Dark Seoul attacks.

China-based adversaries continued to proliferate in the targeted intrusion space alongside Russia, but North Korea is also active and Iran is an emerging player, according to security intelligence firm CrowdStrike.

Adam Meyers, CrowdStrike's VP of intelligence, told El Reg that while Russian attacks employed sophisticated tradecraft, Chinese attacks were of a far greater volume. "Chinese attacks are like a giant vacuum cleaner" for confidential data, according to Meyers. The security intelligence expert added that slinging computer wiper malware is a standard modus operandi for North Korean cyber operations.

CrowdStrike is confident that North Korea attacked Sony Pictures, an attack it said was motivated by The Interview's fictional depiction of the assassination of supreme leader Kim Jong-un, which was "perceived as an act of war" by the DPRK.

Meyers told El Reg that CrowdStrike had a "medium-to-high degree of confidence" that North Korea was behind the Sony Pictures hack, partly because the firm is able to see one or two layers deep into North Korea's cyber attack infrastructure, most of which is physically located in China.

A separate assessment of the cyber threat from North Korea, based on open source intelligence gathered and analysed by HP's malware researchers, is available here (PDF).

The Sony hack is significant because it "marked the first public cyber attack launched by a nation-state against a US company intended to cause physical and reputational damage that would render the business inoperable," according to HP.

That North Korea seems capable of launching an attack as debilitating as the one thrown against Sony, using modest resources and in response to what amounts to an affront to national honour and pride, leads corporate security into a scary and still uncharted domain.

Lessons from the Sony Pictures hack are due to feature prominently in three sessions (featuring Agiliance, Cyber Ark Software and a round-table discussion, respectively) at the RSA Conference in San Francisco this week.

Attacks by the "unstable and unpredictable" nation state of North Korea are in some ways scarier than Chinese cyber-espionage, which, although massively damaging economically, is predictable and causes less havoc and destruction, argues Gib Sorebo, chief cybersecurity technologist at science and technology firm Leidos, in a blog post on lessons from the Sony Pictures hack.

Security response firm Mandiant, which was called in to help Sony Pictures in the aftermath of the breach, said that "neither [Sony] nor other companies could have been fully prepared".

"Sony was not an attack on our critical infrastructure," Sorebo writes in a blog post. "While Sony will suffer, neither our infrastructure nor our economy will feel any noticeable impact. What the attack does demonstrate is the lengths that a rogue state or terrorist group will go to achieve a seemingly limited aim, to stop the release of a movie."

Rootnote

[1] Other theories that the Sony Pictures hack was the work of independent North Korean nationals, or that the Russians might have had a hand in the assault, have also been raised. Initial doubts about the official line that the NORKS were behind the Sony Pictures hack are neatly summarised in a blog post by infosec veteran Graham Cluley, published last December in the immediate aftermath of the assault.
