Find a story in the news from the past few weeks about cybercrime/cybersecurity incident, or from a criminal or civil case. Briefly describe the issue as the news reported it and why this example is defined as cybercrime/cybersecurity. What advice would you offer to the relevant leaders and policy- makers in regards to the issue?
After posting your original post, be sure to engage in discussion with your peers.
_____________________
respond to this post:
I have discovered an interesting article presented in Forbes about a recent attack carried out by North Korean hackers against cybersecurity researchers. According to the article, the North Korean hackers were portraying cybersecurity bloggers with the goal of attracting researches within the cybersecurity field. One of the most alarming details of the attack is that the North Korean hackers were exploiting mysterious vulnerabilities within the most recently updated versions of Microsoft Windows and Google Chrome. The attack which has been ongoing for three months has consisted of the hackers creating fake twitter accounts attempting to send partially falsified security research and links to a blog to top security researches such as Google’s Ben Hawkes. Within the messages and links, an exploit was able to install a backdoor onto the victim’s computer.
The targeted systems were running the most up to date versions of the Microsoft operating system and Google Chrome at the time of the attacks and it is currently unknown what vulnerability was exposed to implement the attack. The hackers are believed to be backed by the North Korean government (state actors) and had even messaged researches requesting to collaborate on research with a link to a Microsoft Visual Studio project. The link to the project contained a malicious code that would be launched onto the system and would allow the hackers to investigate the system for vulnerabilities.
As even highly skilled and highly experienced researches within the information security field currently seem to be baffled by what may be the provision for the compromise, I believe that in this scenario the best option is to continue to run up to date spyware software on the computers and to avoid opening emails or social media messages on research computers from sources or entities that are not directly related to the research project.
Brewster, Thomas (26 January, 2021) Google Warning: North Korean Hackers Breach Windows And Chrome Defenses To Attack Security Researchers. Retrieved: https://www.forbes.com/sites/thomasbrewster/2021/01/26/google-warning-north-korean-hackers-breach-windows-and-chrome-defenses-to-attack-security-researchers/
CSIS (Accessed: 4 February, 2021) Significant Cyber Incidents. Retrieved: https://www.csis.org/programs/strategic-technologies-program/significant-cyber-incidents
Requirements: 150 – 250
0 comments