Page 89 - Cyber Defense eMagazine for July 2020
200-300 million for Q3 2017.[17] More specifically, navigation systems such as the Electronic Chart
Display (ECDIS) are very vulnerable and have also been hit, with different attacks reported in Asia.
According to the maritime technical lead at cyber security firm NCC Group, "Ecdis systems pretty much
never have anti-virus".[18]
Pyongyang Hackers are Smart
Both of the military vessels involved in collisions, the USS Fitzgerald and the USS John S. McCain, are
guided missile destroyers equipped with the Aegis Ballistic Missile Defense System (BMDS), a system
designed to intercept ICBMs (Intercontinental Ballistic Missiles), the kind currently being tested by
North Korea and usually equipped with one or multiple nuclear warheads. An ICBM has
four phases: boost, post-boost/ascent, midcourse and terminal (re-entry into the atmosphere). The Aegis
BMDS aims at destroying an ICBM during the post-boost/ascent phase (before the missile leaves Earth’s
atmosphere).
The Lazarus hacking group, famous for the Sony breach in 2014 and allegedly linked to North Korea,
targets individuals associated with U.S. defense contractors using the same tools and tactics as in the Sony
breach. This time, the phishing emails display fake job listings and companies’ internal policies.[19] Some
of the jobs listed were for the US THAAD (Terminal High Altitude Area Defense) system, which is a BMDS that
intercepts an ICBM in its terminal phase (after the missile re-enters the atmosphere).
Therefore, if the four U.S. Navy collisions in Asian waters are due to a cyberattack, the explanation could
be that the North Korean government is attempting to infiltrate the U.S. military system to be able to
collect information on the full spectrum of BMDS and, at best, disrupt the defense systems against its
ICBMs. On the diplomatic side, it could be a strong message sent to the US and its Asian allies assuring
them that Pyongyang has serious capabilities and that it would be better to negotiate with it than escalate
tensions.
This strategy is part of a general trend in APTs (Advanced Persistent Threats): long-term, targeted
cyberattacks that combine social engineering, cyberweapons, and vectors to get inside
networks. Instead of directly hacking the big fish, such as the Department of Defense or a big player in
weapons (Aegis, Boeing, Lockheed Martin, etc.), hackers will target a third party working for these targets.
Indeed, the third party's cybersecurity posture will be weaker than that of a critical administration or
company that has cyberdefense technologies and processes in place and employees who are aware of
phishing campaigns.
[17] MIMOSO Michael. “MAERSK Shipping Reports $300M Loss Stemming from NotPetya Attack”, Threatpost, Aug 16, 2017. https://threatpost.com/maersk-shipping-reports-300m-loss-stemming-from-notpetya-attack/127477/
[18] BARANIUK Chris. “How hackers are targeting the shipping industry”, BBC, Aug 18, 2017. http://www.bbc.com/news/technology-40685821
[19] BARTH Bradley. “Lazarus Group tied to new phishing campaign targeting defense industry workers”, SC Media, Aug 14, 2017. https://www.scmagazine.com/lazarus-group-tied-to-new-phishing-campaign-targeting-defense-industry-workers/article/681701/
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.