COVID’s impact on the DPRK is driving them to increase their hacking campaigns.
Experts expect North Korean hackers to launch more cyber attacks this year. The increase in attacks is due to the pressure North Korea is under from both the coronavirus pandemic and food shortages.
North Korea’s border with China has been closed to mitigate COVID-19’s spread. The cybersecurity firm CrowdStrike says this is a key factor in North Korea’s decision to step up its cybercrime. In addition, severe typhoons and floods sharply reduced agricultural yield, which is also driving the need for foreign revenue through hacking.
North Korea’s desperate search for currency
This week CrowdStrike published its 2021 Global Threat Report. In it, the firm noted that North Korea has conducted cyber-enabled theft since at least 2015. North Korea does this to evade international and U.S. economic sanctions and to generate a stream of funding to support other state initiatives.
“Currency generation operations will therefore likely increase over the next year to compensate for the economic downturn and serve as a lifeline for the country,” CrowdStrike warns.
Targeting the healthcare sector
CrowdStrike believes that COVID-19 will also likely continue to affect North Korea through the majority of 2021. They assess that “entities involved with the research, production or distribution of COVID-19 therapeutics will be at a high risk of North Korean targeted intrusions until a vaccine is widely available in North Korea.”
The report also found that 18 ransomware families infected 104 healthcare organizations in 2020. The most prolific hacker groups were Twisted Spider using Maze and Wizard Spider using Conti.
“If you can’t see it, you can’t protect it”
CrowdStrike says that for security teams operating in today’s environment, visibility and speed are critical for blocking attackers. Teams must be especially vigilant against attackers that have the capability and intent to steal data and disrupt operations.
“Security teams must understand that it is their responsibility to secure their cloud environments, just as they would on-premises systems. They must establish consistent visibility for all environments and proactively address potential vulnerabilities before they can be leveraged by attackers,” the report warns.