King, Crown Prince congratulate President of Chad on Independence Day    GASTAT: Industrial Production Index increases by 20.8% in June 2022    Fast food giant Domino's pulls out of the birthplace of pizza    WHO calls for optimizing brain health to benefit people and society    Finland and Estonia call for EU ban on tourist visas for Russians    Republican uproar over FBI raid on Trump home    Heat, drought and wildfires during one of the warmest Julys on record: WMO    Ukraine war must end with liberation of Crimea: Zelensky    More breathing devices needed for premature babies born in Ukraine    Jeddah corniche witnesses twin tragedies on Saturday Hours after demise of Dr. Afaf, university professor also drowns during rescue mission    US Stock Market Closes Lower    OIC Condemns Terrorist Attack in Mali    Saudi Arabia demands international community to stop repeated Israeli attacks    Victory becomes the sweetest for Al-Marzouki with a warm touch of motherly affection    Qatar Stock Exchange Ends Trading Lower    Center for Research and Intercommunication Knowledge Participates in Educational and Training Programs in Indonesia    KSrelief Distributes over 92 Tons of Food Baskets in Taiz Governorate, Yemen    Saudi, US Marine Corps arrive in Yanbu for Native Fury 22 joint exercise    KAPSARC Highlights Critical Global Energy Challenges and Solutions at the 43rd IAEE Conference in Tokyo    SABIC Announces Second Quarter Results 2022    Nominations Open for 2023 IsDB Prize for Impactful Achievement in Islamic Economics    SAR Trains Carry over 2.3 Million Passengers, 6.75 Million Tons of Goods in First Half of 2022    Korean girl group Blackpink to play in Riyadh during 2023 world tour    Friends and fans pay tribute to superstar singer and actress Olivia Newton-John    Eight Dead, Six Missing in South Korea's Heaviest Rainfall in 80 Years    Weather Forecast for Tuesday    Ahead of Qatar World Cup, expanded Salwa border crossing inaugurated Capacity up by 4 times to accommodate 12,000 cars in each direction    Saudi banks earn SR7.7 million profits in every hour    Buraidah date festival sales exceed SR62m in one week    Manchester United must let Ronaldo leave, says Rooney    Saudi Arabia wins gold in Special Olympics Unified Cup in Detroit    Saudi team for Special Olympics Unified Football wins gold medal of World Cup    Evergrande gets $818m as football stadium land deal canceled    Egyptian U20 Football National Team Beats Algerian Counterpart to Qualify for 2022 U-20 Arab Cup Final Match    Saudi Arabia to Participate in the 5th Islamic Solidarity Games in Turkiye    SAUDIA Brings New Immersive Experiences to London    Association of Culture and Arts in Dammam Announces Winners of "International Video Art Forum"    Slaughterhouses of MEWA received more than 600,000 sacrifices in 3 days of Eid    Custodian of the Two Holy Mosques Delivers Speech to Pilgrims, Citizens, Residents and Muslims around the World    MoH Activates Sign Language to Communicate with Pilgrims with Deafness or Muteness During Hajj    Sheikh Al-Issa at Arafat sermon: Values of Islam foster harmony; eschew hatred and division    Sheikh Al-Issa in Arafah's Sermon: Allaah Blessed You by Making It Easy for You to Carry out This Obligation. Thus, Ensure Following the Guidance of Your Prophet    Council of Scholars urges pilgrims to stay away from divisive acts    Red Sea Fund Opens Its Third Cycle for Production Funding    SFDA Warns Against Herbal Product "Montalin Jamu" Due to Containing Active Medicinal Ingredients    Makkah Municipality offers animal sacrifices permitting service through Baladi platform    Custodian of the Two Holy Mosques addresses citizens and all Muslims on the occasion of the Holy month of Ramadan    Pilgrims Perform Dhuhr and Asr Prayers at Arafat Holy Site    







Thank you for reporting!
This image will be automatically disabled when it gets reported by several people.



Experts question North Korea role in WannaCry cyberattack
Published in The Saudi Gazette on 21 - 05 - 2017

A couple of things about the WannaCry cyberattack are certain. It was the biggest in history and it's a scary preview of things to come - we're all going to have to get used to hearing the word "ransomware." But one thing is a lot less clear: whether North Korea had anything to do with it.
Despite bits and pieces of evidence that suggest a possible North Korea link, experts warn there is nothing conclusive yet - and a lot of reasons to be dubious.
Within days of the attack, respected cybersecurity firms Symantec and Kaspersky Labs hinted at a North Korea link. Google researcher Neel Mehta identified coding similarities between WannaCry and malware from 2015 that was tied to the North. And the media have since spun out stories on Pyongyang's league of hackers, its past involvement in cyberattacks and its perennial search for new revenue streams, legal or shady.
But identifying hackers behind sophisticated attacks is a notoriously difficult task. Proving they are acting under the explicit orders of a nation state is even trickier.
When experts say North Korea is behind an attack, what they often mean is that Pyongyang is suspected of working with or through a group known as Lazarus. The exact nature of Lazarus is cloudy, but it is thought by some to be a mixture of North Korean hackers operating in cahoots with Chinese "cyber-mercenaries" willing to at times do Pyongyang's bidding.
Lazarus is a serious player in the cybercrime world.
It is referred to as an "advanced persistent threat" and has been fingered in some very sophisticated operations, including an attempt to breach the security of dozens of banks this year, an attack on the Bangladesh central bank that netted $81 million last year, the 2014 Sony wiper hack and DarkSeoul, which targeted the South Korean government and businesses.
"The Lazarus Group's activity spans multiple years, going back as far as 2009," Kaspersky Labs said in a report last year. "Their FOCUS, victimology, and guerrilla-style tactics indicate a dynamic, agile and highly malicious entity, open to data destruction in addition to conventional cyberespionage operations."
But some experts see the latest attack as an anomaly.
WannaCry infected more than 200,000 systems in more than 150 countries with demands for payments of $300 in Bitcoin per victim in exchange for the decryption of the files it had taken hostage. Victims received warnings on their computer screens that if they did not pay the ransom within three days, the demand would double. If no ransom was paid, the victim's data would be deleted.
As ransomware attacks go, that's a pretty typical setup.
But that's not - or at least hasn't been - the way North Korean hackers are believed to work.
"This is not part of the previously observed behavior of DPRK cyberwar units and hacking groups," Michael Madden, a visiting scholar at the Johns Hopkins School of Advanced International Studies and founder of North Korea Leadership Watch, said in an email to The Associated Press. "It would represent an entirely new type of cyberattack by the DPRK."
Madden said the North, officially known as the Democratic People's Republic of Korea, if it had a role at all, could have instead been involved by giving or providing parts of the packet used in the attack to another state-sponsored hacking group with whom it is in contact.
Other cybersecurity experts question the Pyongyang angle on different grounds.
James Scott, a senior fellow at the Institute for Critical Infrastructure Technology, a cybersecurity think tank, argues that the evidence remains "circumstantial at best," and believes WannaCry spread due to luck and negligence, not sophistication.
"While it is possible that the Lazarus group is behind the WannaCry malware, the likelihood of that attribution proving correct is dubious," he wrote in a recent blog post laying out his case. "It remains more probable that the authors of WannaCry borrowed code from Lazarus or a similar source."
Scott said he believes North Korea would likely have attacked more strategic targets - two of the hardest-hit countries, China and Russia, are the North's closest strategic allies - or tried to capture more significant profits.
Very few victims of the WannaCry attack appear to have actually paid up. As of Friday, only $91,000 had been deposited in the three Bitcoin "wallet" accounts associated with the ransom demands, according to London-based Elliptic Enterprises, which tracks illicit Bitcoin activity.
More importantly, Scott said, the rush to blame North Korea distracts from bigger issues - software vulnerabilities resulting from manufacturers' refusal to incorporate security into their software development, organizations' failure to protect their systems and client data and the responsibility of governments to "manage, secure, and disclose discovered vulnerabilities."
"Global attacks are the new normal," he wrote. – AP


Clic here to read the story from its source.