CyberWeekly: North Korea Defectors, Hacking Newspapers, and Israeli Startups
CyberWeekly Newsletter: Weekly Edition
North Korea Suspected of Targeting Defectors
You would think that North Korean state-sponsored hackers would have more productive things to do than targeting defectors. After all, much of the Hermit Kingdom’s nefarious online activity has the goal of fundraising to fill state coffers to make up for international sanctions. However, North Korea is the prime suspect for having stolen the personnel data of 997 North Korean defectors in South Korea, including their names and addresses.
If you’re thinking that it sounds petty that a nation-state would use precious cyber-espionage assets simply to track down defectors… well, you’re not wrong. Then again, authoritarian regimes often are petty and hate dissent. This incident highlights how connected societies are increasingly vulnerable to cyber-espionage succeeding where traditional espionage may not have.
Could a North Korean spy have gotten access to the records of the Hana Foundation, which helps settle DPRK defectors in South Korea? Maybe, but we can all agree that it’s much less work to get an unwitting staffer to open a phishing email.
Hacking Newspapers
One way to ensure that the news media talks about the threats of cyber-attacks is for threat actors to attack newspapers. When you hear about newspapers getting hacked, the natural assumption is that the newspapers’ online sites were attacked. In this case, however, the attacks caused disruptions in the printing and delivery of major US newspapers, including the Los Angeles Times, Chicago Tribune, and Baltimore Sun as well as the West Coast editions of the Wall Street Journal and New York Times.
Is there some coordinated effort to cripple the United States newspaper industry? Not really. Instead, you have one newspaper conglomerate, Tribune Publishing, which had its back-office system affected by the Ryuk ransomware. Attribution for Ryuk is conflicted. Check Point links Ryuk to the Lazarus Group, while CrowdStrike believes Eastern European cyber-criminals were responsible for the attack.
One thing is for sure. Corporate boards need to give appropriate consideration to cybersecurity when approaching mergers and acquisitions (M&A) activity. This cyber-attack wouldn’t have been as attention-grabbing if only the Chicago Tribune had been affected. However, after decades of acquisitions, one ransomware attack affected multiple newspapers across America.
Wipe Before Disposing
A recent Business Insider article described how “Western companies routinely sell their old tech hardware to private companies in foreign countries, without wiping the sensitive data on them first.” It’s the sort of news that leads to an epic facepalm by information security professionals.
What sort of information did BI’s source get access to by buying old servers?
A mostly complete database of the Dutch public health insurance system, with social security data, billing, addresses, medical histories.
Codes, software and procedures for the traffic lights and railway signalling "for a few major Spanish cities."
Customer credit card data for a major UK supermarket chain, including addresses and shopping habits.
A mostly complete employee directory with access codes, badges, smartcards, and passwords for a major European aerospace manufacturer.
That’s mildly terrifying. So first let’s give the obligatory (and obvious) advice that you shouldn’t sell your corporate servers without wiping them first. (If you’re not sure about the difference between deleting and wiping, check out this quick explanation.)
Second, let’s take this opportunity to think about the proper wiping of our personal devices (computers, external drives, phones and even thumb drives) before disposing of them. Likely more than a few readers wish they’d been more thoughtful about disposing of a few devices over the years.
Want a few options for wiping your devices? Check out this article from How-To Geek. And of course, encrypting your data will help reduce your risk as well.
Israeli Cyber Startups
In recent years Israel has become synonymous with cyber security. The Israeli cyber security industry continued to fly along in 2018. According to a year-end recap by Yoav Leitersdorf, managing partner at YL Ventures, total funding for Israeli cyber security companies increased by 22% in 2018 to US$ 1.03 billion. While the recap is a bit of a cheerleading article for the Israeli cyber security industry, it highlights something about that market that seems pretty obvious. The Israeli cyber industry is effectively subsidized by the Israeli Defense Force (IDF).
Courtesy of the Israeli Defense Service Law, the country funnels the majority of its citizens through military training and service (30 months for men and 18 months for women). Imagine if the U.S. cyber security industry could get the U.S. military to train all of its potential employees. A quick internet recon on LinkedIn showed 40,324 profiles with Israel Defense Forces in their Experience. Furthermore, 3,986 profiles specifically listed Unit 8200—the Israeli equivalent of the NSA—in their Experience.
All in all, this effective government subsidy seems like a great bonus for any potential investors who are looking at Israeli cyber security startups.
However, it takes more than just relevant military experience for entrepreneurs to succeed. As Leitersdorf points out:
“Although Israel’s cybersecurity ecosystem relies heavily on the technical training potential entrepreneurs receive during service in the Israeli Defense Forces (IDF), in 2018, the proportion of founders coming straight out of the IDF fell to 2 percent, dropping from 10 percent the year before.”
As you’re likely to see elsewhere—including the United States—additional schooling and/or private sector experience is key to translating military experience to entrepreneurial success. A great U.S. example would be cyber security startup CYR3CON. (Disclosure: CYR3CON was founded by a friend of a friend.)
Cool Job of the Week
National Basketball Association (NBA) — Cyber Security Analyst (Location: Secaucus, NJ)
Veteran-Preferred Job of the Week
Shell — Senior Threat Hunting Analyst/Security Data Scientist (Location: Houston, TX)
Hope you’ve enjoyed this week’s edition of the CyberWeekly Newsletter. Please share with a friend or colleague.
Stay vigilant,
Oritse J. Uku, Editor-in-Chief
Disclaimer: The opinions expressed in this newsletter are my own.