Nation-state attacks through the Internet continue to escalate, with a massive surge in cyber-reconnaissance activity appearing to come from North Korea at the same time the country ratcheted up its nuclear rhetoric, according to security experts.
In February, attackers operating from North Korean Internet addresses probed U.S. servers more than 1,000 times, up from the previous average of fewer than 200 probes per month, according to managed security firm Solutionary. In addition, a massive reconnaissance operation—consisting of another 11,000 probes from servers in North Korea—was directed at a single financial institution, wrote Jon Heimerl, Solutionary’s director of strategic security, in the brief analysis.
The attacks seem to coincide with North Korea’s apparent nuclear test on Feb. 12, he said.
“There do appear to be several parallels between escalated verbal rhetoric and escalated cyber-attacks,” Heimerl wrote. “It is evident that, whether government influenced or not, that the dual path of aggression is a new way of facing the world, at least from North Korea.”
The Internet has increasingly become the medium for deniable nation-state activity. From China’s cyber-espionage to the United States’ and Israel’s alleged attack on Iran’s nuclear program using the Stuxnet worm, cyber conflict has become a staple of nations’ covert military intelligence and reconnaissance operations.
In February, for example, incident-response firm Mandiant released a report detailing the connections between an intelligence unit of China’s People’s Liberation Army and widespread attacks on U.S. companies and interests. In a blog posted on April 24, security firm Cyber Squared said that analysts using the firm’s Threat Connect forum had found that those attacks had continued unabated and defied prediction, by hardly changing their tactics.
“Many within the global security industry, both public and private sectors, speculated that the group’s tactics, tools and procedures (TTPs) would change drastically in response to the disclosure,” the firm stated in the post. “As of late April 2013, Chinese cyber-espionage threat groups have clearly continued their activity … (and) in fact, there has been little change.”
The United States is currently considering a variety of options in response to Chinese unabashed hacking, including trade sanctions and other diplomatic pressure, the prosecution of Chinese nationals in U.S. courts and striking back at the Chinese through cyber-space, according to officials cited in an Apr. 22 article in the Wall Street Journal.
The U.S. government has also signaled that cyber-operations have become a priority in the latest budget. The Obama administration plans to boost spending on cyber-security operations by $800 million to $4.7 billion, while cutting other Pentagon programs by nearly $4 billion.
The attacks emanating from North Korean IP space favor financial services, but show only slight preferences among other industries. Many other attacks focused on education, manufacturing and business services, according to Solutionary’s data. The company expects that North Korea—and other nations with smaller military forces—to focus on Internet operations to achieve their national aims.
“Given the more hard-line government in North Korea, we expect escalations like this to continue, and to become even more evident in other conflicts around the globe,” Solutionary’s Heimerl wrote.