Has North Korea struck again? Do its recent attacks signal a shift from those motivated by political retribution to those motivated by financial gain? What does this mean for financial institutions?
A new report has identified North Korea as the likely source of recent cyber attacks on financial institutions that are part of SWIFT, the Society of Worldwide Interbank Financial Telecommunications, as well as the attack on the central bank of Bangladesh. The connection to North Korea was made by the digital security firm Symantec, which discovered that code from these attacks was also used in the infamous 2014 Sony hack, as well as in attacks on various South Korean targets. The FBI attributed these earlier attacks to the North Korean government, and President Obama signed an executive order authorizing additional sanctions against North Korea.
As the New York Times has noted, North Korea is a plausible suspect in these hacks in part because they appear to be financially motivated. Sanctions and other economic problems have crippled the country for years. In the past, North Korea allegedly mitigated these problems by counterfeiting U.S. currency—an operation that was recently stymied by the redesign of the $100 bill.
The possibility that North Korea is responsible for these attacks raises interesting questions: are financial institutions being targeted by a highly sophisticated nation state? And if so, what additional security measures should be taken?
Whether or not North Korea is to blame for these latest incursions, it is clear that financial institutions are a ripe target for cyber attackers. It is incumbent on these institutions to take meaningful steps to protect themselves and their customers. As we have explained, organizations should start with an overall cyber risk analysis—analyzing not only IT risks but also exposure to governance, regulatory and legal liability—to identify the most likely risks in the event of a cyber attack. Institutions should also take a hard look at their cyber insurance coverage, including an examination of whether their policy limits leave them substantially exposed. Additionally, organizations should consider whether third-party service providers and their vendors are introducing new vulnerabilities that can be exploited.