by Ian Heritage
It has just emerged that North Korean hackers have made an estimated $2 billion from a long-running campaign targeting banks and cryptocurrency exchanges. The leaked UN report detailing the scheme to make money for the hermit nation’s illegal weapons programme is food for thought for CISOs everywhere. It’s proof of a new reality: that organisations must counter the threat from nation states as well as organised cyber-criminals.
At Trend Micro’s CLOUDSEC conference next month, UN Office on Drugs and Crime (UNODC) cybercrime and crypto-currency advisory Alexandru Caciuloiu will be on hand to share his wisdom.
A new digital world order
There was a time before cybercrime. As a result, in the early days of computing, protocols like SMTP, DNS and HTTP were designed without security in mind. Things soon changed, and we have been retro-fitting cybersecurity to key services and platforms ever since. But the threat landscape is ever-evolving. Today, organisations aren’t just faced with cyber-criminals and hacktivists, they may also be attacked by nation state hackers.
As the latest UN report shows, firms don’t even need to be storing geopolitically sensitive data or running critical infrastructure to be targeted. Investigators are said to be looking into “at least 35 reported instances of DPRK actors attacking financial institutions, cryptocurrency exchanges and mining activity designed to earn foreign currency” across 17 countries. The idea was to generate funds that are harder to trace and subject to less regulatory scrutiny than the traditional banking sector.
North Korea was famously also blamed for the WannaCry ransomware worm which caused damage around the world in 2017. In this incident a piece of quick thinking and a bit of luck led to the discovery of a kill switch which managed to mitigate the threat. But it’s another example of what can happen when nation states decide to turn their fire on ordinary organisations. The NHS in particular was badly hit, with an estimated 19,000 operations and appointments cancelled and a final bill in the region of £92m.
The fightback starts here
In many ways the strategy for fighting off this relatively new threat from nation states should be the same as your regular cybersecurity plan. The key is to understand the scale and potential impact of such attacks, and whether you’re in an industry likely to be targeted. At Trend Micro’s CLOUDSEC conference in September, we’ll have a UN expert on cybercrime and cryptography to talk through the impact of this particular North Korean campaign and the broader threat landscape.
Alexandru’s presentation is just one of a whole series of keynotes from industry experts designed to provide CISOs with enhanced awareness of emerging threats and attack techniques. Other speakers include a former White House CIO, a former head of the NCA’s National Cyber Crime Unit (NCCU), leading CISOs from across industry and Trend Micro experts including our VP of Security Research and Director of our Forward-Looking Threat Research team.
The fight against cyber-threats begins with enhanced situational intelligence. And that’s where CLOUDSEC can help. Book your place today!
What: CLOUDSEC 2019
When: 13 September 2019
Where: Old Billingsgate Market, London