North Korea, hack

North Korean hackers have been implicated as the source of several high profile attacks recently. Source: Shutterstock

Banks are bracing for North Korean cyberattacks

BANKS around the world are stepping up their defences against potential attacks from North Korea following concerns over the rogue state’s year-long hacking spree against financial networks and amid US military action over Pyongyang’s nuclear programme.

Cybersecurity experts said North Korean hackers have stolen hundreds of millions of dollars from banks during the past three years, including a heist in 2016 at Bangladesh Bank that yielded US$81 million.

Dmitri Alperovitch, chief technology officer at cybersecurity firm CrowdStrike, told the Reuters Cyber Security Summit on Tuesday that banks were concerned Pyongyang’s hackers may become more destructive by using the same type of “wiper” viruses they deployed across South Korea and at Sony Corp’s Hollywood studio.

The North Korean government has repeatedly denied accusations by security researchers and the US government that it has carried out cyberattacks.

North Korean hackers could leverage knowledge about financial networks gathered during cyber heists to disrupt bank operations, according to Alperovitch, who said his firm has conducted “war game” exercises for several banks.

“The difference between theft and destruction is often a few keystrokes,” Alperovitch said.

Last week, BAE Systems PLC researchers told the Japan Times (via Bloomberg) that Lazarus, a hacking group linked to North Korea, may have been behind this month’s theft of US$60 million from Taiwan’s Far Eastern International Bank.

In a blog post, BAE said the malware was used to steal the money through the international Swift banking network, bore “some of the hallmarks” of Lazarus.

Lazarus and its offshoots were named the prime suspects of last year’s heist of Bangladesh’s central bank to assaults on cryptocurrency exchanges and South Korean ATMs.

Security teams at major US banks have shared information on the North Korean cyber threat in recent months, said a second cybersecurity expert familiar with those talks.

“We know they attacked South Korean banks,” said the source, who added that fears have grown that banks in the United States will be targeted next.

Tensions between Washington and Pyongyang have been building after a series of nuclear and missile tests by North Korea and bellicose verbal exchanges between US President Donald Trump and North Korean leader Kim Jong Un.

John Carlin, a former US assistant attorney general, told the summit that other firms, among them defense contractors, retailers and social media companies, were also concerned.

“They are thinking ‘Are we going to see an escalation in attacks from North Korea?'” said Carlin, chair of Morrison & Foerster international law firm’s global risk and crisis management team.

Jim Lewis, a cyber expert with Washington’s Center for Strategic and International Studies, said it is unlikely that North Korea would launch destructive attacks on American banks because of concerns about US retaliation.

Representatives of the US Federal Reserve and the Office of the Comptroller of the Currency, the top US banking regulators, declined to comment. Both have ramped up cybersecurity oversight in recent years.

Additional reporting by Reuters