Breach du Jour: North Korea and Russia Have Been Dominating the Cybersecurity Headlines
October was a busy month in Cybersecurity Land. It was officially the Cybersecurity Month in the U.S. and each week had a different theme. If you missed our posts, go back and read them so you are all caught up. Late in the month North Korea and Russia dominated the cybersecurity headlines.
North Korea Hacked Daewoo Shipbuilding and Took Warship Blueprints
North Korea may have stolen South Korea’s warship blueprints. Daewoo Shipbuilding builds submarines and other naval warships for the South Korean government. The alleged cyber attack was first discovered by a division under South Korea’s Ministry of Defense. No word yet on the level of sensitive and classified documents that were stolen, only time will tell. This would not be the first time that North Korea has hacked into South Korea to steal classified information. In related news, North Korea was behind the huge cyber attack against Britain’s state-owned health service’s IT systems. Watch out, North Korea is making a name quickly for itself is cyberterrorism.
Russia and Their Never Ending Cyber Attacks Against Anyone Who Opposes Putin
During the U.S. Cybersecurity Month, one of the hottest topics to hit the airwaves was on how the Russians hacked their way into manipulating the U.S. and other nations that opposed President of Russia, Vladimir Putin. The Associated Press obtained the unpublished list of Russian targets. It also found a database of 19,000 malicious links that were collected by the cybersecurity firm Secureworks. Not to mention the dozens of rogue emails and over 100 interviews with those that were the targets of the hacks. Secureworks found the data after the hacking group Fancy Bear accidentally exposed part of its phishing operation to the Internet. The list showed a direct line between the Russian hackers and cybersecurity leaks in foreign governments.
The SEC Ignored Warnings About Cybersecurity For Years Before the Massive Breach
It seems so surreal that the SEC was warned as early as 2008 by the Government Accountability Office to tighten up their network and to be more cyber secure. The SEC was warned that they needed to encrypt sensitive financial data that was stored on their networks. This lack of encryption is what made it easier for the cyber attackers to gain access. Encryption technology is widely used and for good reason. Consumer products such as laptops and smartphones can immediately be read and the data used if there is not an encryption wall to prevent it. It might not prevent all types of data theft but it can limit the scope of what can be stolen.