A Nation of Super Hackers and They are Coming For Your Business!

North Korea. What do you think when you hear about this country? 

You probably think of a nation that has separated from progress and technology. A country run by a socialist despot. A hermit kingdom that strictly controls the daily activities of its people. A country whose government doesn’t like people from outside.

What we don’t think of is Advanced Technology.

North Korea is arguably number one in the world. For hacking. State-sponsored campaigns that provide needed foreign currency.

Kim Jong-un who ascended to leadership in 2011, began by reforming their Reconnaissance General Bureau (RGB.) The reorganization made global cyber warfare activities a priority.

And their hackers are coming for you and your business.

Why? Their economy depends on it. It is a significant revenue source for them.

The top three contributors to their GDP are Coal, Selling forced Labor, HACKERS. They have a giant corps of state-sanctioned cybercriminals specifically trained in HACKING!

According to the National Security Agency, we greatly underestimate their effectiveness.

North Korea is one of the least wired nations on Earth, with minimal internet connectivity.

So, how do they have such a robust and sophisticated cyber hacking program with such limited internet connectivity?

Enter Shenyang, China. Less than a one-hour bullet train from North Korea sits the most significant overseas investment made by North Korea, the Chilbosan Hotel. Here they train their most promising hackers choosing those who have an aptitude in the hard sciences or advanced mathematics. They have developed a highly centralized government-run coding curriculum and cyber training program. Those who excel in the program are that filter these students into a couple of their premier universities, Pyongyang’s Kim Il-sung University and the Kim Chaek University of Technology. A majority of students go to work in cyber operations at the RGB.

However, for those top graduates, they are placed in professional or political positions, including positions throughout the world where they may masquerade as analysts, actuaries, and importers. Often these positions are in third-world countries such as India, Indonesia, Kenya, Malaysia, Mozambique, Nepal, and even more westernized countries like New Zealand. There they hide behind legitimate businesses, rising to positions of power that allow them the access to networks they use to carry out their cyber hacking activities.

They are adept at creating sophisticated and believable documents. They often design their hacking tools. They spend time searching the internet for any vulnerability they can to exploit. They are masters at spoofing requests that allows them to carry out espionage and devastating financial transfer campaigns — all geared to further its national interests.

How North Korean Hackers are there?

The Congressional Research Service says the number of North Korean hackers is between three and six thousand.

Why so many?

For North Korea, they see cyber warfare as a significant section of their overall military strategy.

Who do they target?

Their preferred targets are US-based companies with operations or business dealings in the energy, financial, medical, or military sub and sub-subcontractors.

Their Social Media Tactics

These North Korean hackers have mastered the use of the Social Media site LinkedIn. There they can locate job recruiters both inside and outside companies in the industry they want to target. Next, they craft job opportunities that include a link to the job application or attached job description.

Then using spoofed email addresses, that at first glance appear to be from a legitimate recruiter account, sit back and wait for a target to click on it. They have gotten so good that they know what keyword their target expected to see to click on the link or attachment.

Once in the company, they work their way through the network lifting the data they want to delete their digital movements and encrypting their traffic as they move through the system.

How can the US retaliate?

It will be difficult since most of their cyber activities are not carried out in North Korea but under cover of legitimate businesses across the world.

How can companies protect themselves and others? Here is a simple guide

Step 1: Know who you are hiring or contracting with for IT services. Never allow any IT company who hires North Korean engineers or computer scientists living abroad to have access to any of your networks. Remember there are significant foreign operated IT MSPs that employ North Koreans in their ranks. If they get access to your system, they will use it to carry out their hacking activities.

Step 2: Review your Security from top to bottom. Use your assets to assemble a team that is responsible for managing your data networks. Why? Keeping your employee informed about your security, and any discussions about its implementation are essential. Use not only technical experts but your forward-thinking employes.

Step 3: Understand How Much of a Target you are. When you are doing your evaluation, put on your hacker glasses, and look at your company through their eyes. What data do you have that is useful to them or could be used to attack a more prominent company with whom you do business.

Ask Questions!

            • What sensitive company information could a hacker use to make money?  Ruin our market share?  To attack one of our vendors or suppliers, to strike a larger company with whom we provide a service or product?
            • What trade secrets or intellectual property that they could exploit?
            • What is most information is valuable to you, the business owner?
            • Is there anyone who would pay someone to attack your company? 
            • Is there anyone who wants to see you out of business? 
            • What electronic information that you have could ruin you if exposed?

Step 4: Have you patched all known vulnerabilities and hardened your systems? Cybercriminals will go for the most natural way, and that means that most of the time that is through known hardware and software vulnerabilities.  It is how they took down Equifax and got into the UK National Health Service to spread WannaCry, which also infected US Hospitals, FedEx, and Nissan, to name a few. Do you use open source libraries? Some of them are vulnerable to exploit. How about your applications and those applications run by third-party vendors. Keeping all of the vulnerabilities patched and up to date can not be stressed enough.

Step 5: Do you have CyberSecurity Insurance? If not look into getting a policy. Read the fine print so that you understand not only the coverage but the exceptions.

In the case of a breach, if the investigation show negligence or a lack of due diligence on your part, expect your cyber insurance policy to deny coverage.

Negligence includes a failure to apply security patches, update your systems, or secure third-party applications.

Any cyber insurance policy should cover:

            • Your Liability for all exposed confidential information
            • Direct costs incurred for related to informing your customers about the breach
            • All expenses related to Credit-monitoring services to protect customers who had their data compromised.
            • Business Interruption reimbursement coverage (for the interruption to your 
            • business caused by the attack.)