Cyber Week in Review: North Korea, Bitcoin & Electric Grids

Media Division | June 23, 2017

Some weeks recent cyber attacks cost millions of dollars and upset nations.  In such cases, the motivation is clear: financial gain.  Other cyber attacks focus on espionage: stealing data from a nation, or extracting industry secrets from a company.

Other attacks have less obvious motivations, and this week’s cyber week in review focuses around three such stories: cyber attacks that can have little more motivation than to spread chaos and disorder.

Or perhaps to rob others of time; after all, “time is money.”

The Hermit Comes out of His Shell

North Korea may not be the largest or most powerful nation on earth, or even on the Korean peninsula, but that doesn’t stop the Hermit Kingdom from reaching out and creating a little chaos now-and-again.

The notorious human-rights-violator state has also been the object of crippling economic sanctions.

So it really should come as no surprise when several independent tech companies and agencies have pinpointed the recent enormous ransomware WannaCry (aka WannaCrypt) to North Korea.

Still, widespread malicious ransomware, that seems to have made less than $200k seems both uncharacteristic for a nation-state and financially unable to fund an island, much less half of a peninsula.

For North Korea, however, the motivation may not have been purely financial in nature.  Sure, the country needs money, and thievery isn’t outside of their toolbox (they’ve been blamed for one of the largest bank heists in history), but this malware attack may have been more about spreading panic, creating chaos, and observing response actions.

In that case, North Korea succeeded.

On the cyber playing field, they have very little to lose, since the nation itself is mostly offline, and they have much to gain, if only by virtue of disrupting their neighbors to the South and the West.

Bitcoin gets a Bit Cuckoo

Speaking of things getting a little crazy in the cyberverse, Bitcoin suffered another cyber attack. Fortunately for users, this one did not seem to impact money, except to slow exchanges and cause delays.

The distributed denial-of-service attacks (DDoS) flooded the bitcoin exchanges of Bitfinex (the largest US dollar-based exchange) and BTC-e (a smaller exchange).

Slowing down a website with a DDoS attack, in most industries, is little more than an annoyance.  In an exchange of currency, like the first purely digital currency of Bitcoin, slowing down an exchange could potentially have a market impact, since the markets depend upon those transactions going through.

This time they did not, but that could warrant future similar attacks.

When the Lights Go Out

Utility companies deal with threats constantly, but when a Ukrainian power grid lost power (twice!) it introduced a new element of panic in the utility industry.  Are utility cyber security solutions prepared for such attacks?

New data released by two independent cyber security companies has revealed that three known forms of malware have the power to cut utilities: Stuxnet, and now Crash Override and Industroyer.  The most threatening of these, Crash Override, may have been used in the 2015 Ukrainian power outage and does not require an on-set actor to execute.

Based on this information, utility companies are being advised to look for specific types of suspicious activity that may indicate the malware is on their system and looking for centralized power grid points to attack.

Turning out the power doesn’t make a hacker any money, but it can cost an economy, spread chaos, and disrupt a balance of power: all things certain threat actors may desire.

That’s all for this week.  Until next time, enjoy the headlines…but stay out of them.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.