Details on ‘MBR Killer’
Offensive Cybersecurity
Over the last decade, North Korea has developed a reputation as a state actor that uses unethical cyberattacks as part of a broad offensive cybersecurity strategy that funds the nation’s nuclear ballistic missile program. North Korea uses a variety of cyberattacks that affect telecommunications networks and computer systems around the world. Because the regime has developed and deployed different forms of malware and ransomware on networks in many regions, intelligence on many of its exploits has become available in the open source, where it serves as a resource for information technology, cybersecurity and management staff who collect data on the regime’s cyber activity and use it to establish policies that will protect networks at both public and private entities.
Collaboration and Cyberattacks
The United States and South Korea collaborated on a policy that established a satellite on the border between North and South Korea in order to gather geospatial intelligence on the regime as a method of verifying its level of commitment to not refine nuclear energy. At this point in its history of using cyberweapons, the regime seems more interested in conducting cyberattacks than in engaging in formal military strategy that would include boots on the ground. Even though North Korea has successfully compromised networks with existing versions of malware and other threat agents, the country’s communication with two hacking organizations allows it to develop new threat agents, which give it access to stolen currency in order to fund its nuclear ballistic missile program. It is also on the cutting edge of creating and deploying malware that is extraordinarily difficult to mitigate, which changes the paradigm of zero-day and advanced persistent threat (APT) cyberattacks.
Least Wired Nation
Although North Korea has developed into a state actor with capabilities to launch a variety of cyberattacks, it remains the least wired nation in the world, which makes it difficult for adversaries to launch offensive cybersecurity measures against the regime. Even though North Korea has few networks within its borders, the country’s offensive cybersecurity strategies have become more dangerous than its nuclear program. Bureau 121, the hacking division within North Korea’s government that collaborates with the military on offensive cybersecurity measures, also carries the responsibility to recruit prospective hackers for the country’s two main hacking groups, APT38 and Lazarus. According to intelligence collected by the United States and South Korea, the regime has a cyber-army of between 3,000 and 6,000 hackers. North Korea uses its cyber resources to develop new forms of threat agents, including multiple versions of malware and ransomware. North Korea’s cyberattacks are a part of the country’s asymmetrical military strategy. After reviewing the most notable attacks conducted by North Korea, it is safe to assert that the regime has one of the most effective offensive cybersecurity strategies among countries with similar or greater resources, such as China, Russia and Iran. The regime’s most frequently analyzed cyberattacks include the following: the 2009 DDoS attack on the United States, the 2014 hack on Sony Pictures Entertainment, the 2017 WannaCry ransomware attack on Windows-based PCs, and a variety of cyberattacks on the financial sector in many territories, resulting in the development of innovative malware that remains difficult to mitigate, like ‘MBR Killer’, one of its most recent forms of malware.
Impacts within an Organization
• North Korea has the capability to launch a variety of cyberattacks including DDoS, ransomware and malware.
• Cybersecurity professionals should conduct research on the various threat agents developed by North Korea and all other state actors and non-state actors as a preventive strategy.
• Cybersecurity professionals should identify intrusion of networks by North Korea as early as possible in order to effectively mitigate its malicious code.
Management Issues and Considerations
• Management should adopt the best security strategy of training and educating its staff to beware of unethical forms of social engineering that could compromise company networks.
• Cybersecurity professionals should familiarize themselves with the information made available in the open source on existing cyberattacks by North Korea.
• When hackers gain unauthorized access to networks, cybersecurity and management staff must decide whether to attempt to isolate threat agents by removing systems from the network or to use proxy systems like honeypots.
Comparisons with Related Technologies
• It is always an advantage for cybersecurity staff to ensure that companies use technologies that promote network security (firewalls, intrusion detection and prevention systems, anti-virus software, virtual private networks (VPNs) and levels of encryption) in order to prepare for prospective cyberattacks by North Korea.
• Unlike threat agents that can be isolated by removing the point of entry from computer networks, the latest form of malware by North Korea has the ability to uninstall itself and remove its digital fingerprints at any given time, making it challenging to conduct a forensic analysis and carry out a mitigation strategy.
Concerns for Management
• It would be an advantage to identify applicable mitigation strategies that could be effective against North Korea’s malware and ransomware cyberattacks even before hackers have unauthorized access to networks.
• Management staff should provide any applicable resources to IT and Cybersecurity professionals to assist them in identifying threat agents early in order to prevent scenarios in which North Korean hackers can remain unnoticed on a network while wiring stolen currency, collecting stored data and observing communications applications.
Potential Applicability
• A best practice for ensuring the applicability of security policies involves management staff designating the appropriate IT and Cybersecurity staff with specific roles and responsibilities that can effectively defend against North Korean cyberattacks.
Advantages/Disadvantages
• Advantage: Implementing effective cybersecurity policies and mitigation strategies can assist companies in identifying threat agents, collecting intelligence through forensics, and recommending the best security measures for removing malicious code.
• Disadvantage: Future innovations of North Korean malware will have a negative impact on the amount of time and the available resources cybersecurity professionals may have in order to successfully defend against North Korean cyberattacks.