Before the internet era, geopolitical tensions drove traditional espionage, and periodically erupted into warfare. Nowadays, cyberspace not only houses a treasure-trove of commercially and politically sensitive information, but can also provide access to control systems for critical civil and military infrastructure.
It’s therefore no surprise to find nation-state cyber activity high on the agendas of governments. In 2019, nation-state cyber activity is expected to increase to unprecedented levels.
Read more about the predictions for nation-state cyber activity in 2019 on ZDNet.
The biggest threats online continued to mirror the biggest threats in the real world, with nation states fighting proxy battles and civilians bearing the brunt of the assault. In many cases, the most dangerous people online are also the most dangerous in the real world. The distinction has never mattered less.
Read the list of most dangerous people on the Internet for 2018 on Wired.
A server outage at Tribune Publishing on Saturday that prevented the distribution of many leading U.S. newspapers, including the Wall Street Journal, New York Times, Los Angeles Times, Chicago Tribune and Baltimore Sun was actually nothing of the sort.
Instead, it appears to have been a cyber-attack involving what is thought to have been a version of the highly successful Ryuk ransomware family. Interestingly, Ryuk has often been attributed to the Lazarus Group, North Korean threat actors who are thought to operate partly out of China, although that attribution is disputed: other researchers tie Ryuk to a Russian-speaking criminal group rather than to a state actor.
Read more about the ransomware attack on Tribune Publishing on Forbes.
According to the Cryptocurrency Anti-Money Laundering Report from Ciphertrace some $927 million has been stolen from cryptocurrency exchanges in the first three quarters of 2018 alone. That total will almost certainly have hit, if not smashed straight through, the $1 billion mark by now. So, who were the hackers behind the heists and how did they get away with it?
The how remains sadly predictable throughout the year; exploiting vulnerabilities in crypto wallet software and servers, social engineering / password compromises and insider theft. The who covers equally predictable territory with lone wolf criminal opportunists at the lower end of scale through to well-resourced nation-state actors at the other.
Read more about cryptocurrency theft in 2018 on Forbes.
Two days in 2017 finally woke the world up to the dangers of cyberwarfare, according to Microsoft’s President Brad Smith: 12 May and 27 June. On 12 May the WannaCry ransomware attack created havoc by encrypting PCs across the world and costing billions to repair the damage. Just over a month later, on 27 June, the NotPetya malware caused even more damage, again costing billions to fix. Western governments have blamed WannaCry on North Korea and NotPetya on Russia; NotPetya was probably designed as an attack on Ukraine which then spread out of control.
Smith draws a parallel between the run-up to the First World War and the burgeoning cyberwar arms race today. “I’m not here to say the next world war is imminent but I am here to say that there are lessons from a century ago we can learn and apply, that we need to apply, to our own future,” said Smith.
Read more about Microsoft’s efforts to stop a cyber world war on ZDNet.
In what appears to be a first on the cyber-espionage scene, a nation-state-backed hacking group has used a Google Chrome extension to infect victims and steal passwords and cookies from their browsers.
This is the first time an APT (Advanced Persistent Threat, an industry term for nation-state hacking groups) has been seen abusing a Chrome extension. A report by the ASERT team at Netscout reveals the details of a spear-phishing campaign that has been pushing a malicious Chrome extension since at least May 2018. Researchers said they found evidence suggesting that the group may be based in North Korea.
Read more about the cyber-espionage campaign on ZDNet.
It’s the time of the year for cybersecurity predictions. This time Suzanne Spaulding, former DHS Under Secretary and Nozomi Networks advisor, provides her insights for 2019.
The things that have been holding back Russia, China, North Korea and Iran from a critical infrastructure attack on the U.S. could shift. When it comes to nation state threats on U.S. critical infrastructure, we think of four key actors: Russia, China, Iran and North Korea. Each country has been held back from attacking the U.S. for different reasons. Think about a graph with an x and y axis. The x axis represents capabilities and the y axis represents destructive intent. At the moment, Russia and China have the highest capabilities, but they fall lower on the scale of destructive intent.
Read more about Suzanne Spaulding’s predictions and learn why she believes hackers from Russia, China, North Korea or Iran may launch a critical infrastructure attack on the US in 2019, on Information Security Buzz.
Internet Explorer’s scripting engine was the favorite target of a North Korean cyber-espionage group this year, after the hackers deployed two zero-days, but also crafted new exploits for two other older vulnerabilities. The group’s name is DarkHotel, a cyber-espionage group that McAfee and many other cyber-security firms have already linked to the Pyongyang regime.
The group has been active since 2007 but was not publicly exposed until 2014. Despite being outed in public reports, DarkHotel didn’t stop its attacks.
Read more about the recent activity of the DarkHotel APT on ZDNet.
Researchers from Symantec have uncovered the malware tool North Korea’s infamous Lazarus Group has been using since 2016 to empty millions of dollars in cash from ATMs belonging to mostly small and midsize banks in Asia and Africa.
In a report this week, the security vendor described the malware as designed to intercept and approve fraudulent ATM cash withdrawal requests before they reach a bank’s underlying switch application server that processes them.
Read more about the Lazarus Group ATM malware on DarkReading.
North Korea is hacking computers to mine cryptocurrency to bring extra cash into the country, according to South Korea’s intelligence service. North Korean hackers also continue to hack computers in South Korea and abroad to steal confidential information, the state intelligence agency said in a parliamentary audit, Yonhap News reported.
A U.S. cybersecurity firm revealed in January that it found computers installed with malware, suspected to have been implanted by North Korean hackers, to mine for cryptocurrency Monero and send it to Kim Il Sung University in Pyongyang, according to Chosun Ilbo. Cryptocurrency has emerged as an alternative source of money for the cash-strapped North Korean regime amid tightening international sanctions.
Read more about the North Korean cryptojacking campaigns on UPI.