A North Korean hacking group breached South Korea’s state-run nuclear research institute last month. The group has a history of carrying out high-profile attacks against South Korea. The investigation detected 13 unauthorized IP addresses, which were traced back to a North Korean cyberespionage group.
<p><span style="font-size: small;">It’s troubling to hear reports that a North Korean hacking group may have conducted attacks against South Korea’s state-run nuclear research facility last month. With North Korea’s nuclear ambitions well known, this breach could have serious consequences on global security if South Korean nuclear intelligence is compromised.</span></p>
<p><span style="font-size: small;"><br /><br />This breach should serve as a warning for research centres worldwide. While if a nuclear plant itself was attacked, the situation would arguably have been much worse, the highly sensitive information a research facility holds could change the course of history and arm malicious nations with the material to cause even further disruption in the future. By tackling this type of threat with a coordinated cyber security approach – nationwide and international – the risk of an attack can be mitigated. Looking at suspicious activity over large datasets and being able to block potentially malicious activity allows security teams to intercept attacks early enough in their life-cycle to reduce potential damage and roll this intelligence out across potentially vulnerable organisations. This, combined with other security techniques which keep highly sensitive information under further security measures, will build defences against state-sponsored hacking groups such as those allegedly responsible for the most recent incident against South Korea.</span></p>
<p>Colonial Pipelines was the "canary in the coal mine" for the rest of the world to understand how vulnerable our key infrastructure components are to cyberattacks. It’s not enough just to meet compliance – we have to start ensuring our efforts for meeting compliance are also meeting real security objectives. We know that all systems are being scanned for vulnerabilities every day – and that’s for entities without a bullseye painted on their back, such as the energy and water enterprises have. It’s time to assume that the attackers will find a vulnerability and then gain an opening into our systems. What privileges have we granted remote users, what access have they been granted, how much damage can a rogue user do if they have access? This is where zero trust comes in and the auditing behind it.</p>
<p><span lang="EN-US">Nation state actors are different to cybercriminal gangs or individual attacks as they are often more difficult to prevent, largely due to their determination and persistence. Although high profile cyberattacks use impressively sophisticated techniques to gain entry or cause disruption, they often still begin with phishing attacks targeted at individuals – which tend not to stop until access is gained. Segregation is key to protecting intellectual property and restricting access to sensitive information – but awareness is also imperative for all staff. Those at risk must be trained accordingly, both on how to deal with attempts to gain access and in the reporting process.</span></p>