Researchers at Solutionary say attack activity originated from North Korea has jumped exponentially in recent months.
According to Solutionary, North Korea typically generates between 34 and 200 “touches” – known acts of reconnaissance, an overt external attack or an attempt to exfiltrate data – each month. In February however, that number increased several times over to 12,473.
“What is special about February of 2013? Only the latest escalation of events with North Korea,” blogged Jon Heimerl, director of strategic security at Solutionary. “On February 12, North Korea announced that it had conducted an underground nuclear test. While there is some debate over whether or not the detonation was nuclear, an underground explosion consistent with a nuclear warhead has been confirmed by several other nations. The test generated widespread condemnation and once again raised potential sanctions against North Korea. North Korea has responded with additional aggressive words, and another threat to test one of their missiles that they say is capable of delivering a nuclear warhead.”
The sheer size of the increase indicates that this is not a coincidence, he argued. In addition, the numbers in March represented a 1,913 percent increase compared to the average number of monthly touches recorded during the January 2012 and January 2013 timeframe, he wrote.
“Just as interesting is the profile of the targets of the network-based touches,” he noted. “According to Solutionary data, North Korean related events pretty evenly spanned target organizations across 13 industries, but showed a clear favoritism for targeting organizations in the financial community.”
From January 2012 through January 2013, 49.1 percent of all North Korean sourced cyber-activity seen by Solutionary was directed at financial companies. In February however, that number jumped to 99 percent. This trend continued into March and spanned the same timeframe that North Korea waged denial of service attacks against South Korean banks and broadcasting companies, he wrote.
“Now, there is no evidence that any of this is supported or even encouraged by the North Korean government,” blogged Heimerl. “But, there do appear to be several parallels between escalated verbal rhetoric and escalated cyberattacks. It is evident that, whether government influenced or not, that the dual-path of aggression is a new way of facing the world, at least from North Korea. Given the more hard-line government in North Korea, we expect escalations like this to continue, and to become even more evident in other conflicts around the globe.”