North Korea Military Parade

North Korea’s widening Net, pricing the Equifax Hack & Dark Markets in Turmoil

In this week’s podcast, after a string of reports about North Korea’s growing forays onto sensitive corporate networks, we speak with Adam Meyers of CrowdStrike about the widening net of North Korean offensive hacking and how the Hermit Kingdom is playing the part both of cyber criminal and nation-state actor.  Also: we unpack the cost of the Equifax breach with Accenture and talk to Flashpoint about the turmoil on the deep, dark web following the shutdown of the AlphaBay marketplace. 

The Security Ledger reported last week that North Korean hackers were making forays onto the networks of U.S. defense contractors. Our report, which cited a senior executive at a prominent aerospace firm, said that the hackers appeared to be interested in finding information about weapons systems deployed on the Korean peninsula.  That report was followed by a warning from the DHS and FBI about a campaign of hacks dubbed Hidden Cobra that was linked to the reclusive government of North Korea.

North Korea Military Parade
CrowdStrike says that North Korean hackers have been expanding their list of targets to include defense and financial firms in the US.

The common thread: North Korean hackers are interested in a lot more than poking and prodding their long-sworn enemy to the south. To understand more about the growing threat posed by North Korea, we sat down with Adam Meyers, the Vice President of Intelligence at the firm CrowdStrike about his company’s research into the widening net of North Korean offensive cyber operations. Meyers fills us in on his company’s intelligence on how DPRK is targeting a wide range of firms for reasons ranging from espionage to financial gain.

Also in this week’s podcast: credit monitoring firm Equifax released its third quarter financial results last week and put an $87 million figure on the cost of the data breach that affected some 140 million individuals in the US, Canada and the UK. The company also said it saw year on year profits slip. And, of course, those measures don’t take into account the billions in value that disappeared when its stock slumped more than 30% on the news.

Still, we wondered if that $87 million tells the whole story of what Equifax’s monumental blunder will cost the company. To understand more what is at stake, we sat down with Kevin Richards, the Global Lead for Security Strategy at the firm Accenture. His company recently teamed up with The Ponemon Institute for a study of the cost of cyber crime. I start our conversation by asking Kevin to talk about the Equifax breach and the company’s $87 million figure and whether the figure – while large -wasn’t a small price to pay for a company as large as Equifax.

And finally, the past year has brought news about major data breaches involving hundreds of millions of consumer records. But it has also brought news of some major law enforcement crackdowns of underground cyber marketplaces like AlphaBay in July. The result has been a scrambling of what some refer to as The Deep, Dark Web: a murky world of underground bazaars that are invisible to Google and other search engines. In our final segment, we speak with Olivia Rowley, a cyber crime analyst at the firm Flashpoint about what’s bubbling on the Deep and Dark Web and pushes among some cyber criminals to a new way to buy and sell illicit goods.

Check our full conversation in our latest Security Ledger podcast at Blubrry (this is a new platform). You can also listen to it on iTunes.  As always, if you like our intro music, give some love to the group JoeLess Shoe, who recorded “Baxton,” the song we use in just about every podcast.