Could Blockchain Security Be an Effective Strategy Against APT38-Type Cyber Heists?

The speeding progression of networked technologies has seen a rise in both the number of vulnerabilities within a system and an increase in both the number and sophistication of the tools used to take advantage of them. Companies managing financial and personal data of millions of clients, companies such as commercial banks, are looking at technologies such as Blockchain to ensure one hundred percent data integrity in case of an intrusion. Question is can Blockchain combined with artificial intelligence based cyber security tools prevent events like the APT38 cyber heist?

Before we dive further into it and analyze capabilities of Blockchain for Cyber Security, let’s take a quick look at what APT38 is and review mechanics of how these types of attacks are carried out.

What Is APT38?

A recent report from FireEye claimed that a group, allegedly backed by North Korea, known as APT38 is responsible for the theft of over 100 million dollars and, given the scale of their attacks, should be considered a serious risk.
Over the years, many malicious hacking groups have come forward or been discovered through investigating their attacks. Some of the most famous include groups like Dragonfly, Axiom, Anonymous, Lulzsec, and Lizard Squad. Between them their attacks vary with some such as Lizard Squad being more prank-like, while others such as Axiom and Dragonfly are much more dangerous and criminal.

APT38, named after the designation “Advanced Persistent Threat,” are thought to be a branch of a larger collection of North Korea-backed hackers known collectively as Lazarus Group. Researchers also found that the way in which APT operates and the tactics and procedures it uses are distinct enough from other actors within the group to be tracked separately.

APT38 has been shown to be financially focused with their attacks and are believed to be one of the ways in which a desperate North Korean regime is secretly looking to bring in money. It is believed that since at least 2014, APT has been responsible for activities in 16 companies located within 13 different countries around the world, something that would be incredibly difficult to achieve without significant resources available to hand.

How Do These Attacks Work?

One of the other main theories behind the idea that APT38 are backed by the North Korean regime is the characteristics of their attacks. While investigators did claim there was evidence to suggest a shared malware developer between APT38 and other identified North Korean groups, clear distinctions were found between APT38 and other actors including the actor known as TEMP.Hermit.

Most of the group’s heists involve targeting banks for significant amounts of money. APT38 attacks are characterized by the group’s long planning, adaptability across operating systems, extended periods of access to compromised systems before any attack is attempted and a willingness to completely destroy compromised machines in an attempt to thwart investigators and cover their tracks.

APT38 malware has been observed to just sit and wait in a compromised system, gathering credentials and absorbing as much information as it can about the network in an effort to find vulnerabilities. According to some experts, when targeting SWIFT servers within the banks being hit, they’ve even been known to use both passive and active backdoors for access to a system’s internals.

Blockchain and Cyber Security

So, what can be done about such threats? Cyber security researchers and developers are currently looking into several ways in which these sorts of threats can be dealt with. One of the most promising technologies currently being utilized by a number of companies for cyber security purposes is blockchain technology.

Blockchain technology is often one of the biggest appeals to those interested in investing in areas such as cryptocurrencies as it is one of the few places blockchain technologies have been in place for more than a couple of years. Blockchains are essentially distributed ledgers or databases made up of blocks of information that are secured using cryptography and maintain a continuous record of all the actions performed with an object or file, such as a cryptocurrency.

One of the ways in which APT38 would steal money is through tricking SWIFT servers with fake requests and then channeling those funds to their own accounts. With an immutable and distributed ledger recording all legitimate transactions, such as with blockchain technology, this would be much more difficult to do, regardless of how much time had been spent gathering intelligence within the compromised system.

The distributed nature of distributed blockchain ledgers means that no one system or administrative agency has a master copy and everybody with access to it can see the same transactions, no lone individual or system can change or alter entries in it. This inherent feature of blockchain has even been shown to work as a deterrent for cyber-crime in some cases.

With cyber security becoming an increasingly essential aspect to nearly all of our personal, business, and public technological systems, the need for adequate ways in which to protect ourselves has never been clearer. Technologies such as blockchain may well hold the answer to some of the challenges posed by groups such as APT38 and are even beginning to show signs of influencing the direction of cyber-security systems to come.

Related Posts