After North Korean bad guys targeted UK supply chains, the UK’s NCSC and the Republic of Korea (ROK) National Intelligence Service have released a joint statement to raise awareness of the increasing frequency and focus of attacks by DPRK state-linked cyber actors on supply chains present in the finance, defence and government sectors globally.
The threat from North Korea is not new, as detailed in this examination of their threat by The Diplomat.
The latest documented attack was achieved via a ‘watering hole’ technique. This targets groups of users by placing malicious links or software on a compromised website that the chosen victims commonly visit. Once the link is clicked and the initial stage of software downloaded, the Command & Control infrastructure under the control of the attackers is instructed to download a payload. In this case, the objective was a zero-day vulnerability in MagicLine4NX, a security authorisation software used for secure logins in organisations.
Whilst it is hard to protect against zero-day attacks, as by their very nature there will be no patches available, organisations must put in place relevant security measures that will help prevent lateral movement within systems and networks should there be vulnerable software in the environment.
There are two key areas of mitigation available to help organisations improve their defences:
Management Measures
- Raise awareness of supply chain attacks and promote understanding
- Provide regular training on Cyber Security to help staff spot malicious tactics and attacks so they may be reported within a short time-frame
- Identify threats to your supply chain by ensuring there is an up-to-date supply chain inventory. Further determine threat priorities and assess impacts
- Check access to critical data and infrastructure – identify staff and suppliers who have access authority, in order to limit privileged access
Technical Measures
- Install security updates to maintain the most recent versions of all software. Where possible, this should be completed automatically
- Adopt 2 Factor Authentication for all (administration and operational user) accounts to help prevent unauthorised logins
- Monitor network infrastructure to establish a common pattern and highlight anomalous traffic
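
The monitoring measure above, applied to the watering hole sequence described earlier, as an added example (not code from the joint statement or from Cyber & Data): it learns which destinations the estate normally contacts, then flags first-seen destinations and notes the known site the same host visited just beforehand. The flow records, hostnames, domains, the `WINDOW` value and the function names are all assumptions made for illustration.

```python
WINDOW = 120  # seconds; assumed gap between a site visit and follow-on traffic

# Constructed flow records: (time in seconds, internal host, destination).
# Every hostname and domain here is invented for the example.
LEARNING = [
    (100, "ws-01", "news.example.org"), (160, "ws-01", "mail.example.com"),
    (200, "ws-02", "news.example.org"), (260, "ws-02", "updates.example.net"),
]
MONITORED = [
    (9000, "ws-01", "mail.example.com"),
    (9300, "ws-01", "news.example.org"),       # routinely visited site
    (9340, "ws-01", "cdn-sync.example.test"),  # first seen, 40 s later
    (9900, "ws-02", "updates.example.net"),
    (12000, "ws-02", "files.example.test"),    # first seen, no recent known visit
]

def build_baseline(flows):
    """The 'common pattern': every destination seen during the learning period."""
    return {dest for _ts, _host, dest in flows}

def flag_first_seen(flows, baseline, window=WINDOW):
    """Return (host, new_dest, preceding_site) for destinations outside the baseline.

    preceding_site is the last baseline destination the same host contacted
    within `window` seconds, a starting point for checking whether that site
    has been compromised. None means there was no such visit.
    """
    last_known = {}  # host -> (time, dest) of its most recent baseline visit
    findings = []
    for ts, host, dest in sorted(flows):
        if dest in baseline:
            last_known[host] = (ts, dest)
            continue
        prev = last_known.get(host)
        site = prev[1] if prev and ts - prev[0] <= window else None
        findings.append((host, dest, site))
    return findings

if __name__ == "__main__":
    baseline = build_baseline(LEARNING)
    for host, dest, site in flag_first_seen(MONITORED, baseline):
        print(f"{host}: first-seen destination {dest}; preceding site: {site}")
```

A first-seen destination is only a lead for triage: new but legitimate services will also appear, so the baseline needs refreshing as normal usage changes.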
Cyber & Data has a suite of products to help organisations gain a stronger security posture that includes training, Cyber Risk Assessment and expertise in deploying WatchGuard’s ThreatSync, a new initiative that provides cost-effective threat detection, response and reporting.
Hopefully you won’t be targeted by any North Korean bad guys, but if you do have any cyber concerns, please contact sales@cyber-data.co.uk for friendly and expert advice on how to reduce your cyber risk profile.