Could $5 Million Reward Rattle North Korean Cybercriminals? Also: Methods to Improve Banks' Cyber Defenses; U.S. Regulatory Trends
The latest edition of the ISMG Security Report analyzes how the U.S. government is offering a reward of up to $5 million for information to help it disrupt the illicit flow of funds to North Korea. The report also examines approaches to enhance banks' cyber defenses and U.S. regulatory trends.
In this report, you'll hear:
- ISMG's Mathew Schwartz discuss how the U.S. government is offering a reward of up to $5 million for information to help it disrupt the illicit flow of funds to North Korea;
- Tom Kellermann of VMware share best practices for banks to strengthen their cybersecurity defenses with the rise of ransomware and other destructive attacks targeting the sector;
- Lisa Sotto of Hunton Andrews Kurth LLP outline important shifts in the U.S. regulatory landscape that affect both cybersecurity and privacy.
The ISMG Security Report appears weekly on this and other ISMG websites. Don't miss the April 7 and April 14 editions, which respectively discuss lessons learned from REvil's attack on Kaseya and the threat to the energy sector as the Russia-Ukraine war continues.
Anna Delaney: Feds offer $5 million to help disrupt North Korean hackers and important shifts in the US regulatory landscape. These stories and more on this week's ISMG Security Report.
Hello, I'm Anna Delaney. The US government is offering a reward of up to $5 million for information that helps it disrupt the illicit flow of funds to North Korea. Joining me to discuss is Mathew Schwartz, executive editor of DataBreachToday and Europe. Matt, what's on offer?
Mathew Schwartz: The US government is making a pitch. If you can help the State Department disrupt North Korean hackers, it'll give you up to $5 million as a reward. What the State Department is offering is this money in exchange for information that leads to the disruption of financial mechanisms. It's phrased as "persons engaged in activities that support North Korea," and specifically its weapons programs. Now, that's a very broad sort of remit for a reward, because North Korea uses all sorts of tricks and techniques to help fund not just the regime, but also its nuclear weapons program and its missile research program. And this includes money laundering, exporting luxury goods to North Korea, as well as cyber activity, and specifically various types of hack attacks.
Delaney: Is this the first time the US government has offered rewards to disrupt North Korean attackers?
Schwartz: No, it's not the first time. In April 2020, the State Department first offered a reward of up to $5 million for anything that pertained to illicit North Korean activities in cyberspace. That offer still stands, but it has been expanded to cover things like data breaches, destructive malware attacks, ransomware campaigns, and other extortion efforts and illegal online activities that trace back to North Korea. It's not just a cybersecurity thing, either. It also has to do with anything involving weapons. I mentioned luxury goods before; they're also looking at North Korea selling coal or attempting to import petroleum products. So it's very broad, and it joins some other rewards that are already in effect as well. For example, last November, the State Department began offering up to $10 million for information leading to the arrest of two Iranians charged with interfering in the 2020 US election. In January, it also offered a similar amount, the same amount, for any foreign attackers who were targeting the US and specifically critical infrastructure. It would be interesting to know if it's paid out for any of this information to date. It's a huge incentive, though, if there's anyone in or around North Korea who might want to rat somebody out in exchange for millions of dollars.
Delaney: This reward money seems to highlight the ongoing risk caused by North Korea.
Schwartz: Absolutely. The fact that they're willing to pay so much money just reinforces what a threat North Korea is, and look at North Korea, look at the size of the country. When it comes to the top four countries that Western intelligence officials regularly cite as posing the biggest threats to critical infrastructure, which includes the banking sector, they regularly cite Russia - typically number one - China, Iran, and North Korea. This country is punching above its weight. That is highlighted by all of the cryptocurrency theft that continues to trace to North Korean hackers. That includes the theft of $620 million worth of cryptocurrency from the Ronin network, which is used by the Axie Infinity game, and the FBI has attributed that attack to North Korea. One attack, more than half a billion dollars. You can see that North Korean hackers are extremely proficient these days at hitting targets that offer maximum financial takings. This has included, in the past, banks, for example. Bangladesh Bank is one of the best known but certainly not the only successful target for North Korean hackers, and it continues to involve cryptocurrency exchanges, which, unlike so many banks, often aren't particularly well secured, as is demonstrated by the hundreds of millions of dollars, at least, that North Korean hackers and others have managed to steal from them. The FBI and the US Cybersecurity and Infrastructure Security Agency have continued to sound the alert about North Korean hackers, Lazarus Group in particular. We just have gotten some alerts in the past week. The Treasury Department has been sanctioning cryptocurrency wallet addresses known to be used by Lazarus Group. This is a known target. The US government is attempting to disrupt these activities, but as the reward money demonstrates, these hackers also continue to be extremely effective.
Delaney: Matt, thank you very much for keeping us up to date with the latest on this story.
Schwartz: Thanks, Anna.
(Transition Ad: You are listening to the ISMG Security Report on ISMG Radio. ISMG - Your number one source for information security news.)
Delaney: VMware's Tom Kellermann is out with a new report entitled Modern Bank Heists 5.0, which analyzes the attackers and attacks targeting financial services, as well as the increase in destructive attacks, ransomware, and hits on cryptocurrency exchanges. Our senior vice president of editorial, Tom Field, asked Kellermann how banks can improve their cyber defenses.
Tom Kellermann: First and foremost, you've got to integrate your network detection and response capabilities with your endpoint detection and response capabilities, whether you're buying a platform like XDR or whether you're just integrating those two functionalities to get true ground truth and realistic situational awareness as to adversarial tactics both on your network and your endpoints. Workload security is definitely a priority, especially workload security that can migrate between multi-clouds. API security is a huge gap. We saw in this report that application attacks are going through the roof. We thought we would always solve that, but the OWASP Top 10 is still alive and well and very viable in today's world. Hence application control and high enforcement is another priority, and becoming more thoughtful and more holistic in how you expand threat hunting. It should include the C-level's endpoints, the administrative assistants, the Office 365 administrative rights environment, Active Directory, and your information supply chain, particularly the FinTech vendors that you're partnering with.
Delaney: With new US regulatory requirements and proposals coming just about every day, what are the important shifts to pay close attention to? Here's Lisa Sotto, partner and chair of the global privacy and cybersecurity practice at Hunton Andrews Kurth LLP, with an overview of what she describes as a tsunami of regulatory change, both in the cyber and privacy spheres.
Lisa Sotto: Things are changing truly at the speed of light. This administration understands that cybersecurity is a deep threat in every respect. We saw most recently that the omnibus appropriations bill now has in it a requirement to notify the government within 72 hours of having reasonable belief that there's been an incident that requires reporting. You need to report within 24 hours if you've paid a ransom. We now have the 72-hour reporting obligation to the government, reminiscent of course of Europe, along with a 24-hour reporting obligation for ransomware payments. In addition to that, for banks, there is a new rule that, as of May 1, banks are going to need to report substantial incidents within 36 hours. There are a couple of SEC proposals that are on the table. The one that is, I think, taking all public company issuers by storm is the requirement that is not in place yet. It's still in draft form, but it's probably coming in some form or another: that public companies disclose within four business days that they've had an issue. We have all of that on the cyber side. On the privacy side, we now have four states with omnibus, comprehensive privacy laws. California started the trend, followed by Virginia, then Colorado and most recently, Utah. There is a wave of regulation and we are struggling to keep up, and that's the US alone, of course, and there's plenty happening overseas as well.
Delaney: That's it from the ISMG Security Report. Theme music is by Ithaca Audio. I am Anna Delaney. Until next time.