Government Alert Warns of North Korea’s Involvement
Earlier this month, several government agencies issued an alert about elevated cybersecurity concerns related to cryptocurrency, blockchain technology, and online gaming. The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Treasury Department jointly announced that state-sponsored hackers from North Korea had deployed malicious tactics like ransomware, phishing, and malware to steal more than $1 billion over the last two years.
The three agencies went public with their finding that North Korea was responsible for the Ronin Bridge attack in March 2022, which netted more than $620 million in stolen cryptocurrency. In addition, more than four publicly identified hacking groups tied to North Korea stole at least $500 million in crypto funds in a variety of attacks carried out in 2021.
How did this happen? By taking advantage of cybersecurity vulnerabilities in highly unregulated parts of the crypto industry, including currency exchanges, decentralized finance (DeFi) protocols, non-fungible tokens (NFTs), and play-to-earn video games. According to the FBI and the CISA, hackers deploy a variety of malicious tactics that target venture capital funds investing in cryptocurrency and individual holders of crypto funds.
Social engineering campaigns and spearphishing emails try to encourage users to download malicious crypto applications or click links to check a currency balance. Those applications or links will install malware on the victim’s computer to steal credentials, log in to accounts, and execute fraudulent blockchain transactions. Funds will then go to untraceable external accounts used to launder money, making any law enforcement response or follow-up action impossible.
But the Treasury Department has tried to take extensive action to block such transactions—especially since the funds stolen have purportedly been used for North Korea’s nuclear program. Several of the groups responsible for these actions have been added to international sanctions lists; one of those groups, the Lazarus Group, was even involved in the notorious 2014 hack of Sony Pictures, which was executed at the direction of North Korea’s primary intelligence agency.
The FBI, the CISA, and the Treasury Department urge businesses, computer users, and cryptocurrency holders to take proactive steps to mitigate such schemes. Even if you don’t own cryptocurrency, education and awareness about the cyber threat is strategy #1.
Here are five other steps you can take today:
1) Implement multi-factor authentication (MFA) and single sign-on (SSO) for every account. Only a year or two ago, MFA and SSO were relatively rare, considered by many companies and employees to be nothing more than an irritating extra step. With digital threats escalating and the threat of credential theft higher than ever, however, these layers of heightened defense are becoming more and more routine. Defined as a login process that contains two or more crucial steps, MFA requires a user to enter his or her password followed by a unique code or push notification typically delivered by text or email to confirm their identity. Meanwhile, SSO involves using a protected entryway for all applications and platforms to streamline access. Together, they can reduce the negative impacts of a stolen password, which is often recycled by hackers who use it to try and log in to multiple networks, databases, and devices.
2). Automatically deploy security updates and software patches. Many people assume that out-of-date operating systems and legacy software applications aren’t that big of a threat. But the infamous WannaCry attack in 2017 exploited the end of support for Windows 7, bypassing built-in privacy protections and easily compromising user machines.
3). Multi-layered network security tools. These include a variety of tactics that, deployed together, can dramatically increase your overall cybersecurity:
- DNS filtering, which protects against web-based attacks such as malvertising, compromised websites, and encryption servers
- Anti-spam filters that protect against email-based attacks by quarantining suspicious email attachments in a sandbox
- Security incident event management (SIEM) and security operations centers (SOC) that provide an extra layer of threat detection
- Endpoint detection and response (EDR) that allows a trusted IT team to have full visibility into a company’s network, analyzing traffic to spot malicious movements while automating responses and enabling real-time threat identification.
- Regular, remote, and redundant data backups. These provide the best protection from ransomware, malware, and other dangerous threats because they can be relied upon in the event of an illicit infection or unwanted file encryption. Even in rare cases when multiple layers of ransomware are deployed in tandem to try and paralyze systems, they can be wiped clean and data can be restored from a recent backup to help your business bounce back from even the most devastating attack.
4). Proactive, comprehensive IT support you can count on. All the cybersecurity protections outlined above can do a world of good—if they’re deployed properly and maintained regularly by a trusted business partner. Instead of waiting for a ransomware attack to occur or a new crypto-specific spearphishing campaign to pop up, the best managed services provider (MSP) will take a proactive approach. That means
- 24×7 monitoring to keep a constant eye on every piece of your company’s technology ecosystem
- Advanced anti-malware, traffic analysis, and multi-layered network security solutions
- Nationwide support that can protect your employees working in the office and remotely
- Real-world cybersecurity training for your employees
- Industry-specific compliance
- And the human intelligence that should function behind the scenes of most automated IT processes
That’s the kind of support your business deserves—and it’s the kind of support that CMIT Solutions specializes in. We work hard to understand today’s biggest threats and anticipate tomorrow’s potential problems. We view ransomware as an existential threat to core business functions, and we know how to tread carefully with new technologies like cryptocurrency. We advise our clients on the best way to solve short-term problems and plan for long-term success.
We keep thousands of small to medium-sized businesses across North America running every day. If you’re ready to take data protection and IT health seriously, we’re here to help. Contact CMIT Solutions today to learn more about our proactive approach and our strong track record of caring for businesses like yours.