Login

***harlan4096*** · 16 September 19, 07:44

Quote:

Can threats to freeze assets be effective against groups backed by a foreign government?

This week the U.S. Department of the Treasury announced sanctions targeting North Korean state-sponsored hacking groups, including Lazarus, which paralyzed 300,000 computers in 150 countries with the 2017 WannaCry ransomware attack.

Treasury officials said the hackers in Lazarus and two affiliated groups support the North Korean military. “Treasury is taking action against North Korean hacking groups that have been perpetrating cyber attacks to support illicit weapon and missile programs,” said Sigal Mandelker, Treasury Under Secretary for Terrorism and Financial Intelligence.

Lazarus was “created by the North Korean Government as early as 2007” and its WannaCry attack was “the biggest known ransomware outbreak in history” in part because it closed hospitals in the United Kingdom, Treasury said in filing the sanctions.

Tech news outlet ZDNet called the sanctions “a long time in coming,” citing reports on North Korean hacking from The United Nations and the Department of Homeland Security.

But how effective will they be? Connecting attacks to specific perpetrators can be more difficult than announcing sanctions to loosely identified groups, experts say.

Guilt can be tough to prove

“North Korea is suspected to be behind a number of high profile cyber attacks,” said Avast Security Evangelist Luis Corrons. “Attribution is extremely difficult in cybercrime, and even if you can probe it to a certain point of confidence, false flags” and other deceptive tactics can obfuscate forensics.

The move authorizes the U.S. to freeze assets connected to the hackers, and “may prompt U.S. companies to examine their businesses for any potential ties to the North Korean hackers,” noted PC Mag. “However, all three groups named today use shadowy tactics to stay hidden.”

“Whatever sanctions are imposed, that does not guarantee in any way that these groups will stop their actions,” Avast’s Corrons noted.

Others agree that catching hackers backed by government can be very difficult. “In the two years since WannaCry, the tactics and tools used by elite hacking collectives have advanced considerably, especially when it comes to expanding their use of botnets,” Byron Acohido wrote on the Avast Blog this summer. “Russia, China, North Korea, and Iran continue to proactively support and direct professional hackers engaged in cyber espionage, data theft and network infiltrations.”
...

Login
Username/Email:
Password:	Lost Password?
	Remember me