Pinning WannaCry on North Korea May Help Corporate Cybersecurity

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller

The White House’s decision to blame North Korea for the WannaCry ransomware attack may help companies guard against future nation-state cyberattacks, cybersecurity pros told Bloomberg Law.

Understanding who is behind a large-scale cyberattack can help companies “have a more effective cyber resiliency strategy,” Ed Stroz, co-president at cybersecurity risk solutions company Stroz Friedberg and a former special agent at the FBI, told Bloomberg Law. Without the ability to attribute a cyberattack to a source, companies can often misunderstand and underestimate the motivations of cybercriminals, especially nation-states, which can lead to future attacks on a business and on the private sector as a whole, he said.

The White House announced Dec. 19 that was it was pinning responsibility for the attack, which affected more than 300,000 computers in more than 150 countries, on the Asian nation.

Businesses are more likely to see increased U.S. government assistance when a nation-state, rather than cybercriminal gang, is involved. Attacks attributed to nation-states may also lead companies to invest more in their cybersecurity protections because such threats don’t easily go away. Nation-state attacks are launched by countries with economic and political backing, making them hard to limit.

Countries like North Korea are a formidable cybersecurity foe because, unlike other cybercriminal groups, “nation-states don’t go out of business or bankrupt,” Stroz said. Such attacks also serve as a reminder to companies that sharing any cyberthreat information can lead, at a minimum, to shifting the blame to the nation-state from the business.

Attribution Assistance

The White House tying North Korea to the WannaCry ransomware attack can also be a reminder to the U.S. government and businesses that cyberthreat information sharing is important to tackle such attacks. Companies that want to share cyberthreat information with the government will generally use a Department of Homeland Security program that was set up under the Cyberthreat Information Sharing Act (CISA) in 2015.

The North Korea attribution will give the U.S. government an opportunity to win over companies skeptical of working with it, Stroz said. If companies are still worried about sharing with the government after the announcement, “this is a good way to answer the skepticism, which the White House definitely will do,” he said.

White House Homeland Security Advisor Tom Bossert said Dec. 19 that the U.S. attribution of the attack to North Korea is “a step towards holding them accountable, but it’s not the last step.” The public- and private-sectors must “cooperate to mitigate cyber risk and to increase the cost to hackers by defending America. The U.S. will lead this effort,” he said.

Companies are weighing when to share cyberthreat intelligence with the government, Matthew Heiman, fellow at the National Security Institute at George Mason University and former attorney adviser in the Department of Justice’s National Security Division, told Bloomberg Law.

The government must do more outreach to convince companies that sharing such data with the government is beneficial to national security, Heiman said. It can reduce cyberthreat sharing anxiety by providing better incentives to companies, such as greater civil and regulatory liability protections, he said.

In addition, the attack may push more companies to work with law enforcement agencies, such as the FBI and DHS, when hit with a large-scale cyberattack.

Working with the law enforcement agencies can only help companies faced with nation-state cyberattacks, Stroz said.

Ransomware attacks are infiltrating more companies across multiple sectors. These attacks are good business models for cybercriminals, as ransom payments are reaching more than $1 billion annually, according to Deputy Attorney General Rod Rosenstein.

Unlike other cybercriminal groups, “nation-states don’t go out of business or bankrupt” and use ransomware attacks to gain a profit, Stroz said.

North Korea Attacks

The WannaCry strike isn’t the first cyberattack that has been attributed to North Korea by the U.S. government.

North Korea launched a cyberattack against Sony Pictures Entertainment Inc. in 2014 over the release of The Interview, a fictional satirical comedy film about a plot to assassinate North Korean leader Kim Jong-Un. U.S. officials under then-President Barack Obama blamed North Korea for the 2014 cyberattack that destroyed Sony’s company data and caused the movie studio to delay the release of the movie.

However, it is the first time that a larger hack that penetrated multiple sectors across many countries was pinned on a specific nation-state adversary, Dmitri Alperovitch, co-founder and chief technology officer at threat intelligence company CrowdStrike Inc. in Arlington, Va., told Bloomberg Law. “It is a big deal” because of geopolitical issues the U.S. faces with North Korea, Russia, and other adversaries, he said.

To contact the reporter on this story: Daniel R. Stoller in Washington at

To contact the editor responsible for this story: Donald Aplin at

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security