Welcome to Codebook, the cybersecurity newsletter recommended by 4 out of 5 dentists.
Illustration: Sarah Grillo/Axios
As North Korea tries to rev up its economy, it may shift its hacking efforts from financial thievery to stealing intellectual property, China-style. That's according to a contested new theory from cybersecurity firm CrowdStrike.
Why it matters: North Korea is already one of the "big four" hacking threats — along with China, Russia and Iran — but it currently focuses on cash theft to fill its sanctions-drained coffers. Though experts are mixed on the likelihood Pyongyang's hackers would switch to the model China used to build its domestic industries, most seem to think it's a threat worth keeping an eye on.
The theory works like this:
While CrowdStrike isn't seeing any current intellectual property theft, Meyers suggested a shift (if one is coming) could happen in the next two years.
Yes, but: North Korea lacks the infrastructure for the kinds of high-tech manufacturing that China succeeded with. Despite the finest 1970s-era Soviet manufacturing technology, North Korea doesn't have the equipment to mass-produce cheap, modern products, even if it stole the know-how to make them.
What they're saying: Other experts thought the possibility was, at least, something to monitor.
The big picture: With a summit between President Trump and North Korean leader Kim Jong-un slated for next week, the isolated regime's international situation is more in flux than it has been for decades.
Ukrainian President Petro Poroshenko signed a constitutional amendment Tuesday committing the country to joining NATO and the European Union.
Why it matters: Obviously, there are bigger factors at play here than just cybersecurity. From this newsletter's perspective, two factors resonate:
Kaspersky announced 4% global revenue growth in 2018 despite a 25% drop in U.S. sales.
The big picture: While Huawei is the current poster child for tech companies accused by the United States of sabotaging products to aid a government's espionage efforts, Russia-based Kaspersky was Huawei before it wasn't cool.
Meanwhile: Vermont announced it would wean the state off use of Kaspersky products, as well as ZTE and Huawei products. (StateScoop)
Our headline Tuesday night read "Microsoft: Fancy Bear targeted European think tanks." But it's worth noting that news story came to light in context of Microsoft expanding access to free security tools already offered to protect U.S. and Canadian groups "underpinning the democratic process" to 12 European nations.
Why it matters: Microsoft is one of a number of firms that offer free security products for elections (Google, CloudFlare and Synack are others). But the more widely known names offering this kind of service, the better.
Circa 1550. Original Artwork: An engraving by W Stukeley. Photo: Hulton Archive/Getty Images
Sandia National Lab announced Wednesday it had developed a system to trick hackers into improving network defenses against them.
Details: Active defense — creating fake networks and documents to slow hackers — is not a new concept in security, but it is currently a rapidly evolving one. Honeypots, fake networks used to observe hackers in their element, are also a tried and true technique.
The two-year project to create HADES was done in concert with security data analysis firm Splunk.
Codebook will return next week.