With the shocking reality of potential warfare dawning on the world, it is easy to forget about the cyber activity that underpins everything. Highly advanced weaponry is not the only means of delivering a crippling blow to a nation; as CrowdStrike makes clear, cyberattacks can do so too.
This is not such an outlandish notion following the summer we are now emerging from, during which the world was rocked by the destructive power of attacks such as WannaCry, a category two attack that endangered human life.
CBR had the opportunity to speak to Dmitri Alperovitch, CTO and co-founder of CrowdStrike, to gain insight into how the threats are changing and where they are coming from. The CrowdStrike CTO’s attention was drawn to the offensive cyber capabilities of North Korea.
Alperovitch said: “North Korea worries me the most out of all of the nation state actors that we face; a lot of people do not realise that they have been in the cyber offensive field for many years; we tracked some of their earliest operations going back to 2004. In fact, one of the things they have had is a free fire zone in South Korea, where they have been launching a variety of different experimental attacks against the South Korean government, banking sector, news media, and energy sector.”
Significant connections have been made between North Korea and malicious cyber activity, supporting Mr Alperovitch’s assessment. This year, the Department of Homeland Security, alongside the Federal Bureau of Investigation, issued a Technical Alert detailing the tools used by the North Korean government to target a broad set of critical sectors, including finance, aerospace and media. Principally outlined in this alert was the “Hidden Cobra” initiative, an effort involving malware and botnet attacks allegedly launched by North Korea.
Mr Alperovitch expressed particular concern regarding the potential for a North Korean cyberattack on financial systems. He said: “The fact of the matter is they are very familiar with financial institutions; we have discovered them in a number of large banking institutions, and so they have already been able to gain access to some of these organisations,” and the “difference between theft and destruction is just a few keystrokes.”
The DHS and the FBI also revealed findings that Hidden Cobra and an operation associated with North Korea called Lazarus are in fact the same thing. The Lazarus Group has been attributed to North Korea by influential cybersecurity organisations including Symantec, SecureWorks and Kaspersky, and the deadly WannaCry ransomware has also been linked to the group.
In light of growing geopolitical tensions involving North Korea, the country’s trade is non-existent, applying great financial pressure that could be a strong motivator for nation state cyber activity aimed at financial gain.
An alleged example of this in action is the cyberattack that resulted in an $81 million heist from the Bangladesh central bank’s account at the Federal Reserve Bank of New York. Mounting evidence from the likes of Kaspersky has further strengthened the accusation attributing the attack to North Korea.
While cyberattacks for financial gain are deplorable, nation state or otherwise, Mr Alperovitch shared insight on an emerging motivation behind cyberattacks that is arguably far more malevolent: wanton destruction. The CrowdStrike CTO described this as the third wave of cyber, and it is the one we are currently in the midst of.
“I think we are going to see a lot more of these activities going forward, where countries in particular realise that cyber is a phenomenal tool to pressure other countries and corporations, and bend them to their will,” said Alperovitch.
It is this destructive power, accessible through cyber, that Alperovitch fears North Korea could leverage against its targets, such as the ability to cripple the financial system of a nation state target, or other critical elements.
However, as with nuclear weapons, everyone is interested in wielding mighty destructive power, and nation state activity is certain to be widespread. Current geopolitical matters place the two powerhouses of the United States and Russia centre stage.
The Russian cyber espionage group Fancy Bear, for example, has been linked by CrowdStrike with some degree of confidence to the Russian military intelligence agency. This group was behind the data breach that hit the World Anti-Doping Agency (WADA) last year, exposing data relating to the likes of tennis star Serena Williams.
In addition to this, the widespread allegations of Russian involvement in influencing democratic processes must also be mentioned, but at a time of such geopolitical volatility it would be naïve to assume that the United States, for example, is not also looking to harness the power of cyber.