While the world holds its collective breath to see if Kim Jong Un makes good on his promise to use “the button for nuclear weapons” on his “table,” a new report suggests that North Korean hackers may be developing malware that could take out the U.S. power grid.
Research from Dragos, released in a trio of reports under the umbrella “A Qualitative View of 2017,” revealed that 61 percent of 163 industrial control vulnerabilities discovered last year could be exploited to cause “severe operational impact.”
And the results showed that a new group, dubbed Covellite, has been using code and infrastructure similar to the North Korean-backed Lazarus Group to launch spearphishing campaigns against electric utilities in Europe, Asia and the U.S.
Last fall, FireEye thwarted cyberattackers linked to the North Korean government that it said were likely behind a spearphishing email campaign against U.S. electric companies.
“This activity was early-stage reconnaissance, and not necessarily indicative of an imminent, disruptive cyberattack that might take months to prepare if it went undetected,” FireEye said in a blog post at the time, explaining that the company had previously detected groups suspected to be affiliated with the North Korean government "compromising electric utilities in South Korea," although they didn't cause the power supply to be disrupted.
"There has been a sharp increase in attacks targeting ICS in the last year. While the most high-profile attacks are often politically motivated, the tools for these advanced attacks are becoming widespread,” said Ray DeMeo, chief operating officer (COO) at Virsec. “It's only a matter of time that we start seeing non-nation-state hackers using these advanced tools to extort ransoms, gain publicity, or just cause mayhem.”
But, DeMeo warned, while "tracking the groups behind these attacks may be interesting,” it doesn't improve security “or eliminate the risks of advanced hacking tools.” He stressed that ICS security must “be strengthened from the inside at all levels."