Archive for Security

NY Proposes Healthcare Cybersecurity Regulations With $500 Million In Funding 

Posted in Commentary with tags on November 15, 2023 by itnerd

Yesterday, New York Governor Kathy Hochul proposed a new set of cybersecurity regulations that would apply to hospitals across the state. The proposal also included $500 million in funding to help healthcare facilities upgrade their technology systems to meet the requirements of the proposed rules.
 
If adopted by the Public Health and Health Planning Council this week, the regulations will be published in the State Register on December 6th requiring hospitals to implement infrastructure to defend against and prevent cyberattacks and develop incident response plans.
 
New York hospitals will also be required to:

  • Establish a CISO role  
  • Use MFA  
  • Establish policies for evaluating and testing third-party security
  • Run tests to ensure patient care would continue should there be an incident

“Our interconnected world demands an interconnected defense against cyber-attacks, leveraging every resource available, especially at hospitals,” Hochul stated.
 
“These new proposed regulations set forth a nation-leading blueprint to ensure New York State stands ready and resilient in the face of cyber threats.”

Emily Phelps, Director, Cyware had this to say:

   “Governor Kathy Hochul’s new cybersecurity regulations proposal for New York hospitals represents a significant step in reinforcing the resilience of healthcare facilities against cyber threats. Mandating the establishment of a Chief Information Security Officer (CISO) role and enforcing Multi-Factor Authentication (MFA) aim to fortify the defenses of healthcare systems.

   “With our interconnected world, it is true we need interconnected defenses. A crucial aspect is a focus on collective defense and software supply chain security in healthcare. Collective defense involves leveraging shared knowledge and resources to improve the overall cybersecurity posture of all involved entities. In healthcare, where organizations deal with sensitive data across modern and legacy systems, leveraging healthcare ISACs and trusted intelligence sharing help these entities become more proactive.

   “Furthermore, the emphasis on evaluating and testing third-party security is a proactive measure to secure the software supply chain. Healthcare organizations rely heavily on various software solutions and third-party services, making them vulnerable to supply chain attacks. Regular testing and policy establishment for third-party security will help mitigate these risks.”

Paul Valente, CEO & Co-Founder, VISO Trust follows with this:

   “The lack of funding for security within the healthcare sector has led to the industry becoming a primary target for cyber criminals.  Ransomware has become endemic with healthcare organizations, more frequently leaving them with no choice but to pay the ransom, rather than risk patient safety.  

   “Third-party risks pose significant challenges for hospitals due to their complex relationships with supply chain vendors and the evolving nature of cyber threats. Understaffing and outdated and complex techniques further hinder effective cyber risk management. Governor Hochul’s funding and requirements are just a starting point in safeguarding these institutions. It’s great to see New York taking the lead and it will be intriguing to see which states follow suit.”

Given that the negative outcomes of cybersecurity not being top of mind in health care were in the news recently, this is a good move by New York State, as prevention is better than pwnage.

CISA, FEMA, NHS Launch ‘Shields Ready’ For Critical Infrastructure Cyber-Resilience

Posted in Commentary with tags on November 9, 2023 by itnerd

Jointly, CISA, the Department of Homeland Security and FEMA have launched the “Shields Ready” initiative, a new campaign designed to encourage critical infrastructure (CNI) stakeholders to enhance cyber-resilience in their organizations.

Shields Ready is intended to complement the “Shields Up” campaign. Where Shields Up was focused on helping all organizations and individuals, Shields Ready is specifically about improving CNI processes.

The initiative urges CNI providers to:

  • Understand infrastructure and dependencies
  • Conduct comprehensive risk assessments
  • Make actionable plans
  • Measure progress and drive continuous improvement through testing

CISA director Jen Easterly highlighted that it is vital for hospitals, schools, water facilities and other CNI entities to have the resources they need to respond to and recover from cyber disruptions.

“By taking steps today to prepare for incidents, critical infrastructure, communities and individuals can be better prepared to recover from the impact of the threats of tomorrow, and into the future.”

Stephen Gates, Principal Security SME, Horizon3.ai had this comment:

   “In the context of the US government launching a new campaign to encourage critical national infrastructure (CNI) operators to enhance their cyber-resilience, one of the four key messages stands out as a considerable challenge: Conduct comprehensive risk assessments. This is more difficult than most people believe when organizations solely rely on humans to perform risk assessments. In fact, there are simply not enough qualified and certified risk assessment professionals available today.

   “Therefore, a paradigm shift in the mindset of CNI operators needs to happen. This shift includes augmenting their human-based risk assessments (often in the form of periodic penetration tests and regular scheduled vulnerability scans) with autonomous systems designed to discover where CNI operators are truly at risk. These systems operate autonomously, peruse network environments on their own, discover truly exploitable vulnerabilities, safely exploit what they discover, provide proof of compromise, and deliver expert guidance on how to remediate these risks – preemptively.

   “The first step to using these autonomous systems is assuming defenses have already been breached. Once that happens, these systems will help CNI operators find, fix, and verify that their exploitable vulnerabilities are drastically reduced, help measure progress, and drive continuous security improvement. This is not a one-and-done thing performed on an annual or periodic basis. Instead, it becomes part of everyday, good cyber-hygiene due care.”

Mike Barker, CCO, HYAS adds this comment:

   “The imperative nature of this initiative cannot be overstated. Investing in cyber-resilience now is an investment in safeguarding the continuity and security of our critical infrastructure in the face of evolving threats. “Shields Ready” serves as a beacon for organizations to fortify their defenses, enabling a more resilient and secure future for critical infrastructure and the communities they serve.”


Dave Ratner, CEO, HYAS follows up with this comment:

   “Improving processes and hardening systems is critical for any CNI organization but must be paired with the right solutions for resiliency in the face of continual onslaughts of threats and attacks; that’s why it makes complete sense to pair the Shields Up initiative with Shields Ready. Only through a complete security-in-layers approach will critical infrastructure really be properly prepared for and resilient against cyber intrusions.”

This is another one of those first steps that is long overdue. What everyone needs to do is keep taking steps to harden CNI so that it is a less attractive target for threat actors.

White House declares November 2023 Critical Infrastructure and Resilience Month

Posted in Commentary with tags on November 8, 2023 by itnerd

In a recent White House proclamation, November has been designated as Critical Infrastructure and Resilience Month. This annual observance is aimed at raising awareness and engaging all levels of government, infrastructure owners/operators, and the American public in understanding the crucial role played by critical infrastructure in the nation’s health and well-being. It emphasizes the importance of bolstering security and resilience in critical infrastructure.

CISA underlined the significance of the initiative, emphasizing the need for organizations to protect their systems and networks. Dr. David Mussington, CISA’s Executive Assistant Director for Infrastructure Security, offered valuable advice, which includes:

  • Assess Your Risk. Organizations should identify their most critical functions and assets, define dependencies that enable the continuity of these functions, and consider the full range of threats that could undermine functional continuity.
  • Make a Plan and Exercise It. Organizations should perform dedicated resilience planning, determine the maximum downtime acceptable for customers, develop recovery plans to regain functional capabilities within the maximum downtime, and test those plans under real-life conditions to ensure the ability to operate through disruption.
  • Continuously Improve and Adapt. Organizations should be prepared to regularly adapt to changing conditions and threats. This starts with fostering a culture of continuous improvement, based on lessons learned from exercises and real-world incidents, and evolving cross-sector risks.

CISA provides a “Critical Infrastructure Security and Resilience Month Toolkit” that offers a broad range of resources.

Dave Ratner, CEO, HYAS has this comment:

   “I applaud the White House for realizing how important the topic of resilience is for critical infrastructure across government and private enterprise. Gone are the days where we could reliably and confidently say that we can keep all criminals and bad actors out of the network. The reality of today is that organizations must be resilient against the onslaught of constant intrusions, and there is nothing more important for the health, well-being, and safety of people than the various critical infrastructure industries.”


Emily Phelps, Director, Cyware adds this comment:

   “The White House’s designation of November 2023 as Critical Infrastructure and Resilience Month is a great initiative for national security. This dedication to raising awareness about the criticality of infrastructure resilience underscores the reality that the robustness of these systems is integral to our society. Moving to a proactive stance when implementing and adapting cybersecurity strategies is crucial to outpacing an ever-evolving adversary. CISA’s call for a culture of continuous improvement to anticipate and counteract evolving cyber threats is a great step to educate and build momentum around modernized cybersecurity strategies.”


Mike Barker, CCO, HYAS follows with this comment:

   “The designation of November as Critical Infrastructure and Resilience Month marks a pivotal step in recognizing the fundamental role critical infrastructure plays in our nation’s stability.  It’s crucial that we take advantage of this designation and elevate awareness and participation across all sectors to fortify the resilience of these systems.  Assessing risks, meticulous planning, and regular adaptation are key in ensuring preparedness against evolving threats.”

Anything that brings light to the fact everyone needs to build resiliency into everything possible is a good thing. Which is why I applaud The White House for doing this. Hopefully everyone is paying attention.

Cyber Skills Gap Climbs To 4 Million…. Yikes!

Posted in Commentary with tags on November 1, 2023 by itnerd

According to the ISC2 2023 Cybersecurity Workforce Study released this week, the global cybersecurity workforce gap has increased by 12.6% since 2022 reaching four million people.

Despite an 8.7% increase in the global cybersecurity workforce compared with 2022, reaching 5.5 million professionals, 92% of professionals surveyed said they had skills gaps in their organization and 67% reported a shortage of the staff needed to prevent and troubleshoot security issues.

47% of respondents said they had experienced cyber-related cutbacks in the past year, including layoffs, budget cuts and hiring or promotion freezes, and, of that group, 22% were impacted by layoffs, both first- and second-hand.

Furthermore, 47% of respondents admitted they have no or minimal knowledge of AI and its associated risks, while AI and emerging technologies were cited as the biggest challenge facing cybersecurity professionals over the next two years (45%), followed by worker/skill shortages (43%).

Encouragingly, 52% of cyber professionals said their organizations are encouraging the use of AI internally, and advancements in AI were rated the third most positive impact on their ability to secure their organization, behind zero trust (34%) and automation (40%).

Dave Ratner, CEO, HYAS:

   “The combination of the cybersecurity skills gap, overall personnel shortage, and rising and increasingly sophisticated attacks is a perfect storm for bad actors and nefarious activity.  Without solutions like Protective DNS to automatically pinpoint and identify anomalous activities, organizations are increasingly at risk for exploitation, and are one of the only ways to confidently address the growing storm.”

This skills gap is a threat to us all, as it gives threat actors more opportunities to do all sorts of evil things. Everyone needs to address this or we’ll be in all sorts of trouble that will be difficult to exit from.

White House Hosts 48 Countries To Discuss Strategies To Sever Ransomware Funding 

Posted in Commentary with tags on November 1, 2023 by itnerd

This week, the White House is hosting the third International Counter Ransomware Initiative (CRI) summit, bringing together 48 countries, the EU and Interpol to discuss several new initiatives, including a pledge from member states not to pay ransoms.

The CRI will begin using a new information sharing platform enabling member countries to easily exchange details of threat indicators so “if one country is attacked, others can quickly be defended against that.” Officials hope to establish “collective threat information to enable countries to better and more effectively defend themselves.”

Also debuting is a new project leveraging AI to analyze blockchain transactions as a way of identifying illicit funds used to pay ransomware demands. CRI will also share a “blacklist of wallets” through the U.S. Department of the Treasury to track where illicit funds are flowing so officials can “alert their virtual assets service providers to block or freeze those transactions.”
 
Also, the CRI will offer “innovative mentorship and tactical training” programs for newer members, citing how Israel has coached Jordan on countering ransomware as one example.

Stephen Gates, Principal Security SME, Horizon3.ai had this comment:

   “Not paying criminals the ransoms they demand and following the money trail is an honorable initiative to undertake. However, non-government organizations like financial services, higher education, healthcare, manufacturing, retail, gaming, and many others have been forced to pay ransoms so they could get their operations back up and running. Their livelihoods have been at stake. The impact on commercial organizations not paying their ransoms may end up being worse than the alternative.

   “Therefore, a paradigm shift in the mindset of all organizations needs to happen. That shift includes augmenting their completely defensive security approach with an offensive approach designed to actually find where they are most vulnerable to human-operated ransom-based attacks and fixing those issues before they fall victim. This preemptive security approach, using specifically designed autonomous systems, can majorly reduce the likelihood of falling victim to a targeted attack.

   “The first step to using these autonomous systems is assuming your defenses have already been breached. Once that happens, these systems will help you find, fix, and verify that your exploitable vulnerabilities are drastically reduced. This is not a one-and-done thing performed on an annual basis. Instead, it becomes part of your everyday, good cyber-hygiene due diligence.”

Any effort to disrupt the flow of money to ransomware gangs is a good thing. So is co-ordinating with allies on that. Hopefully this effort bears some fruit and puts these gangs out of business.

“Citrix Bleed” Vulnerability Has The Potential To Be Another MOVEit

Posted in Commentary with tags , on October 31, 2023 by itnerd

Earlier this month, Citrix published a vulnerability discovered in hardware sold by the company and recommended that customers update to patched versions of NetScaler ADC and NetScaler Gateway. A week after the advisory, Mandiant reported that the vulnerability had been used as a zero-day exploit in the wild as early as August 2023, with exploitation observed at professional services, technology, and government organizations. The vulnerability, which carries a severity rating of 9.4 out of 10 and allows multifactor authentication to be bypassed, is currently being actively exploited by threat actors, which makes this very bad. It has been dubbed “Citrix Bleed”.

Avishai Avivi, CISO, SafeBreach:

   “It is always bad news when a vulnerability comes under mass exploitation. As the Clop ransomware group’s exploitation of GoAnywhere and MoveIT showed, this will often result in millions of compromised records. This recent Citrix NetScaler vulnerability may become the next mass exploit with some notable differences.

   “NetScaler, unlike the software mentioned above, is specifically meant to serve as a security device. The mechanism that threat actors are exploiting, the Multi-Factor Authentication (MFA) mechanism, is itself a mechanism that boosts the overall security of the device. The other notable aspect is the timeline surrounding this particular vulnerability. More specifically, security researchers reported exploitation of this vulnerability to Citrix in late August 2023. Citrix released a patch and bulletin on October 10, 2023. Several reports show that, as of today, nearly three weeks after the bulletin, thousands of Citrix NetScaler devices remain unpatched and vulnerable.

   “I view Citrix’s response with mixed feelings. On the one hand, they promptly issued a patch for a critical vulnerability. On the other, they were too relaxed in communicating the urgency of this patch to their customers. This lack of urgency gets compounded when network and security administrators responsible for these devices fail to patch high and critical severity vulnerabilities. This failure indicates a flawed vulnerability management program. Critical and high-severity vulnerabilities should never remain unpatched or unmitigated for over a week, let alone three.”

Tom Marsland, VP of Technology, Cloud Range:

   “This vulnerability, designated CVE-2023-4966, now nicknamed “Citrix Bleed,” demonstrates what can happen when devices go unpatched. It’s not important enough that organizations track and remediate vulnerabilities. They must prioritize them, which means having cybersecurity experts who understand the vulnerabilities and the risk their company is under with these vulnerabilities. This goes to highlight the cybersecurity shortage occurring at the mid-level across the industry.

   “This vulnerability has a CVSSv3 score of 9.4 – it was first observed in late August, and a patch was released on October 10th. Three weeks should be plenty of time to investigate vulnerabilities and patch them in (at least) the public-facing environment – the fact that this is not occurring on some estimated 20,000 cases, again, highlights poor vulnerability management/asset tracking programs and an understaffed cybersecurity workforce at large. Not until we push cybersecurity education further down into our K-12 school systems and provide hands-on, competency-based training for our industry professionals, do I think we’ll truly be able to wrap our hands around this problem.”

I am now just bracing myself for a new round of ransomware attacks because of this vulnerability on a similar scale of what has been seen with MOVEit. This sort of situation I used to think was the worst case scenario. But now it seems to be the norm. And that’s bad for all of us and needs to change.

73% Of Small Businesses Reported Cyber Attacks Last Year 

Posted in Commentary with tags on October 26, 2023 by itnerd

According to the Identity Theft Resource Center’s 2023 Business Impact Report, of the 551 US small business owners and employees interviewed, 73% reported a cyber-attack last year targeting employee and customer data.

Despite only 20-34% following cybersecurity best practices such as MFA, mandatory strong passwords or role-based access, 85% of respondents said they felt ready to respond to a cyber incident. 50% claimed to have taken steps to prevent future breaches through training (65%) and utilizing new security tools (53%).

Although the overall number of small businesses suffering a financial impact from a cyber-attack dropped three percentage points from last year to 42%, more respondents said they saw other impacts, such as customers losing trust (32%) and higher employee turnover (32%).

“The good news is that small business leaders are focused on data security and privacy protection. However, we still have a lot of work to do. We must accelerate the transition to newer protections and continue to develop new resources to assist victims based on solid research and unmistakable evidence,” ITRC president, Eva Velasquez said.

George McGregor, VP, Approov Mobile Security had this to say:

   “This is disappointing, with very poor levels of implementation of basic best practices and only half of the companies taking steps to stop breaches.

   “I also think the “good news” in the report – a reported reduced financial impact of breaches – is probably not to be taken too seriously either. If self-reported it may not be accurate.

   “There will be more and more pressure on small businesses as new reporting requirements come into force and they will be forced to take the issue of cybersecurity more seriously.”

I deal with a number of small businesses. Some get cybersecurity, and some think that they aren’t big enough to be a target. Or they don’t have the resources to make a serious effort in terms of protecting themselves. All of that is wrong and needs to change in a hurry, before something happens that makes them rethink their stance on this.

US Healthcare Ransomware Costs $77.5 Billion In Downtime 

Posted in Commentary with tags on October 25, 2023 by itnerd

A study of ransomware attacks over the past seven years on healthcare companies that deal directly with patients and their data found that the cost in downtime alone hit a staggering $77.5 billion.

The report by Comparitech reviewed 539 confirmed ransomware attacks on US healthcare organizations, affecting some 52 million patient records and 10,000 separate facilities. The report covers the period from 2016 to 2023.

The impact of a forced shutdown on healthcare providers can be catastrophic, crippling key systems and preventing them from accessing patient data.  

The study shares the example of CommonSpirit Health, an Illinois-based healthcare system with 142 hospitals and more than 700 care sites, that suffered a ransomware attack in October 2022. For just this one provider, the cost of the attack so far has hit over $160 million and rising. That attack took 400 care sites offline for three weeks.

Key findings in the study:

  • 539 separate ransomware attacks on medical organizations
  • 9,780 separate hospitals/clinics/organizations affected
  • 52,298,595 individual patient records were impacted
  • Ransomware amounts varied from $1,600 to $10 million
  • Downtime varied from minimal disruption (thanks to frequent data backups) to months upon months of recovery time
  • Average of 14 days downtime for a total of 6,347 days.
  • Hackers demanded more than $39 million across 34 attacks and received payment in 31 out of 160 cases where the medical organizations disclosed whether or not they paid the ransom (organizations are more likely to disclose that they haven’t paid the ransom than that they have)
  • The overall cost of these attacks is estimated at around $77.5 billion
  • Conti, Maze, Hive, Pysa, and LockBit were the most prolific hackers. The first three dominated in 2020/21 with Hive taking over in 2022 and LockBit accounting for the most attacks so far this year

Jan Lovmand, CTO, BullWall had this comment:

   “These findings are deeply concerning and not surprising. The financial toll of $77.5 billion is substantial, but the real human cost is immeasurable. This is a full-on battle. Ransomware attacks on healthcare facilities pose a grave threat to public health and safety. These assaults not only shut down delivery of critical medical services, causing delays in essential surgeries and treatments that jeopardize patients’ lives, but they also breach the sanctity of sensitive patient data. The aftermath of such attacks can be catastrophic, leaving hospitals grappling to recover their data and regain control over their systems. Whether the ransom is surrendered or not, the toll in both financial losses and compromised patient care deals a crippling blow to these already strained institutions.”

   “Hospitals and healthcare organizations have a bullseye painted on them in the eyes of cybercriminals. A heavy reliance on technology to manage a huge range of functions, from patient records to surgical equipment, provides a vast attack surface of uniquely susceptible targets. This vulnerability is further exacerbated by their meager resources allocated for bolstering cybersecurity defenses. However, with ransomware showing no sign of abating, it is imperative to invest in countermeasures that can stop these attacks without necessitating a complete shutdown of IT systems and healthcare services. A good Ransomware containment defense and off-site backups are table stakes.”


Emily Phelps, Director, Cyware follows with this:

   “Healthcare continues to be one of the most targeted industries because of their valuable data and limited security resources. Because of the complexity to secure vast organizations that maintain new and legacy systems, adversaries can exploit gaps in their defenses. With advanced technologies such as AI, threat actors can also operate faster, further complicating an already difficult situation for these healthcare entities.

   “To mitigate the risks, healthcare organizations must be able to move from a reactive to a proactive security posture. To do this, they need access to relevant, context-rich threat intelligence which helps them understand what threats should be prioritized – healthcare ISACs can help provide this to organizations that become members. But the intelligence must also be prioritized and orchestrated appropriately in order to take meaningful action. Security orchestration and collaboration, combined with automated threat intelligence platforms help ensure the right information gets to the right people at the right time.”

I’ve said it before and I’ll say it again. With the exception of education, healthcare is a prime target for threat actors. Those in healthcare need to do everything possible to reduce their attack surface as it’s high time that they stop being prime targets.

Guest Post: 6 Tips to Keep Your Business Safe This October Cybersecurity Awareness Month & Beyond

Posted in Commentary with tags on October 21, 2023 by itnerd

By Ray Blakney, creator of the 9 Year Letter™ Method 

With October Cybersecurity Awareness Month in full swing, now is the perfect time for you to analyze if you are doing all you can to keep your company safe from online threats. From phishing schemes to data breaches, hackers and con artists are constantly devising new ways to defraud businesses. So whether you run an online store or a multinational company, safeguarding against cyber attacks should be of utmost importance. 

In my journey as the creator of the 9 Year Letter™ Method (a goal-setting system for the 4 pillars of life – relationships, financial, health, and fun), I have discovered a number of ways both new and established business owners can maximize their cybersecurity. Here are 6 online safety tips to follow this October Cybersecurity Awareness Month and beyond:

Use Strong, Unique Passwords for ALL Company Logins

The use of robust and distinctive passwords is the most straightforward yet sometimes disregarded part of cybersecurity. So many business leaders just use the same password for all of their logins, or variations of the same password, which puts their company’s data and financial health at risk. Your first line of defense against unauthorized access is a password, so here are helpful ways to boost your password security:

  • Complexity Matters: To ensure the security of your password, use at least 12 characters. It should include a combination of uppercase and lowercase letters, numbers, and special symbols. This level of complexity makes it far harder for attackers to break your password using brute force attacks.
     
  • Avoid Predictability: Avoid using passwords such as “password123,” “admin,” or “letmein.” Additionally, it’s crucial to refrain from creating passwords based on information like your birthdate, name, or business name.
     
  • No Reusing: It’s vital to avoid using the same password for different platforms or accounts. If one account gets hacked, it puts all your accounts at risk if they share the password.
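To make the three password rules above concrete, here is an added example (my own code, not from the guest post) of a policy check that enforces the 12-character minimum, the character-class mix, a blocklist of predictable passwords, the no-personal-info rule and the no-reuse rule; the blocklist entries, the sample user details and the previous password are constructed, and the function names are my own.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import re
import string

# Constructed blocklist of predictable passwords; a real deployment would load a
# large breached-password list instead of this handful of entries.
PREDICTABLE = {"password123", "admin", "letmein", "password", "123456", "qwerty"}

PBKDF2_ROUNDS = 100_000


def hash_password(pw: str, salt: bytes) -> bytes:
    """Salted PBKDF2-SHA256 so the password history never stores plaintext."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, PBKDF2_ROUNDS)


def remember(pw: str) -> tuple[bytes, bytes]:
    """Return a (salt, digest) pair to append to a user's password history."""
    salt = os.urandom(16)
    return salt, hash_password(pw, salt)


def _normalise(text: str) -> str:
    """Lower-case and strip separators so 'Acme Corp' is matched as 'acmecorp'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def _has_all_classes(pw: str) -> bool:
    """Uppercase, lowercase, digit and special symbol must all be present."""
    return (any(c.isupper() for c in pw) and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def check_password(pw: str, personal: list[str],
                   history: list[tuple[bytes, bytes]]) -> list[str]:
    """Return every policy violation for pw; an empty list means it is acceptable.

    personal: names, business names, birthdates etc. the password must not contain.
    history:  (salt, digest) pairs from remember() for the user's earlier passwords.
    """
    problems: list[str] = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if not _has_all_classes(pw):
        problems.append("missing upper/lower/digit/symbol mix")
    if pw.lower() in PREDICTABLE:
        problems.append("on the predictable-password list")
    norm_pw = _normalise(pw)
    for item in personal:
        # Check the whole item and each of its parts (e.g. the year of a birthdate),
        # ignoring fragments shorter than four characters to avoid noisy matches.
        fragments = {_normalise(item)} | set(re.split(r"[^A-Za-z0-9]+", item.lower()))
        if any(len(f) >= 4 and f in norm_pw for f in fragments):
            problems.append(f"contains personal or business info ({item!r})")
    for salt, digest in history:
        # Constant-time comparison of the freshly derived digest with the stored one.
        if hmac.compare_digest(hash_password(pw, salt), digest):
            problems.append("reuses a previous password")
            break
    return problems


if __name__ == "__main__":
    details = ["Ray Blakney", "1985-04-12", "Acme Corp"]   # constructed sample user
    history = [remember("Correct-Horse-Battery-9")]        # constructed old password
    for candidate in ["password123", "AcmeCorp2023!!!",
                      "Correct-Horse-Battery-9", "Tr0ub4dor&3xample!"]:
        print(candidate, "->", check_password(candidate, details, history) or "OK")
```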

Keep Software and Plugins Up to Date

In the fast-paced business world, it is extremely important to keep your software and plugins up to date. When software versions become outdated, they unintentionally become points that can be exploited by hackers. Software developers address these vulnerabilities and release updates to protect against cyber attacks. Therefore, neglecting timely updates leaves businesses exposed and more susceptible to security breaches.

It’s not just the core software that requires attention; plugins and third-party applications on platforms like WordPress, Joomla or Drupal also need careful monitoring and regular updates. Thankfully, with advancements in technology, there are now automated tools that simplify the updating process and reduce the need for checks. Utilizing these tools ensures that your software constantly reinforces its defense against cyber threats.

Implement SSL Encryption

Take measures to ensure the safety of information exchanged between your websites and users. One essential tool is SSL (Secure Sockets Layer) encryption, which in practice today means its successor, TLS. This digital shield acts as a safeguard for data like login credentials, your customers’ credit card information, and personal details as they travel across the internet.

You can easily identify a website using SSL encryption by looking for “https://” in its URL. The ‘s’ in “https” stands for secure and signifies a protected channel for transmitting data. You may also notice a padlock icon next to the URL in the browser’s address bar, which confirms that the connection is encrypted.

For businesses that haven’t yet adopted SSL, it’s essential to obtain an SSL certificate. Besides providing security benefits, it also will enhance your website’s credibility among visitors. In an era where trust holds so much value, having an SSL certification serves as a symbol of reliability. Furthermore, it may have advantages like improving the website’s search engine optimization (SEO) ranking, resulting in increased visibility in search engines and higher organic traffic.

Conduct Regular Backups

Regular backups are extremely important for businesses. They act as a safety net that protects businesses from cyber threats and unexpected challenges. Whether it’s an attack, accidental data loss, or any other unforeseen problem, having up-to-date backups ensures that business operations can continue without interruption. It’s crucial to maintain backups that include website content, databases, important configurations, and all other essential data.

Store backups off-site, and keep at least one copy that an attacker who has compromised the web server cannot reach or modify (an offline copy, or storage with write-once or versioning enabled); ransomware routinely encrypts or deletes any backup it can find on the same system. Creating backups is not enough: test them by actually restoring to a separate system and checking that the result works, so that they are proven recovery material rather than archives you hope are good.
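The “test your backups” step is the one most often skipped, so here is an added example (not from the original post) that builds it in: a Python script that archives a site directory, records a SHA-256 manifest of every file, and then verifies the backup by restoring it into a scratch directory and comparing hashes. The site directory and database dump are constructed sample data; producing the dump itself (for example with mysqldump) is assumed to happen before the script runs, and shipping the result off-site is left to whatever storage you use.

```python
"""Back up a site directory and prove the backup restores correctly.

Added example, not from the original post. Assumes a plain directory of site
files plus a pre-made database dump file inside it; the dump step (mysqldump
or similar) and the off-site copy are outside this script. Standard library
only, runs offline.
"""
from __future__ import annotations

import hashlib
import json
import tarfile
import tempfile
from pathlib import Path


def _sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def _manifest(root: Path) -> dict[str, str]:
    """Relative path -> SHA-256 for every regular file under root."""
    return {str(p.relative_to(root)): _sha256(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(site_root: Path, dest: Path) -> Path:
    """Write dest/site.tar.gz, a manifest of file hashes and a hash of the
    archive itself; return the archive path."""
    dest.mkdir(parents=True, exist_ok=True)
    archive = dest / "site.tar.gz"
    with tarfile.open(str(archive), "w:gz") as tar:
        tar.add(str(site_root), arcname="site")
    (dest / "manifest.json").write_text(json.dumps(_manifest(site_root), indent=1))
    (dest / "site.tar.gz.sha256").write_text(_sha256(archive))
    return archive


def verify_backup(dest: Path) -> bool:
    """Restore into a scratch directory and compare every file with the manifest.
    A backup that cannot be restored, or restores with different contents, fails."""
    archive = dest / "site.tar.gz"
    if _sha256(archive) != (dest / "site.tar.gz.sha256").read_text().strip():
        return False                      # archive bit-rotted or tampered with in storage
    expected = json.loads((dest / "manifest.json").read_text())
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(str(archive), "r:gz") as tar:
            try:
                tar.extractall(scratch, filter="data")   # refuses path traversal entries
            except TypeError:                            # Python without the filter argument
                tar.extractall(scratch)
        return _manifest(Path(scratch) / "site") == expected


def demo() -> tuple[bool, bool]:
    """Constructed sample site: back it up, verify, then corrupt the stored
    archive by one byte and verify again. Returns (before, after)."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp) / "www"
        (site / "wp-content" / "uploads").mkdir(parents=True)
        (site / "wp-config.php").write_text("<?php define('DB_NAME', 'wp');\n")
        (site / "wp-content" / "uploads" / "logo.png").write_bytes(b"\x89PNG" + b"\0" * 64)
        (site / "db.sql").write_text("-- constructed dump\nCREATE TABLE wp_posts (id INT);\n")
        dest = Path(tmp) / "backup"
        archive = create_backup(site, dest)
        ok_before = verify_backup(dest)
        data = bytearray(archive.read_bytes())
        data[-20] ^= 0xFF                 # simulate silent corruption in storage
        archive.write_bytes(bytes(data))
        ok_after = verify_backup(dest)
    return ok_before, ok_after


if __name__ == "__main__":
    print("verified before corruption, after corruption:", demo())   # (True, False)
```

Run the verification from a machine other than the web server and against the off-site copy, since a check that only ever reads the local copy proves nothing about the one you will actually need.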

Limit User Permissions

It is paramount to apply the principle of least privilege (PoLP) when granting user access. The core idea is to restrict each account’s permissions to what is necessary for its assigned tasks and nothing more. Following this approach means that a single compromised account, or a careless click by one employee, does not hand an attacker the whole system.

Organizations often grant administrator access to a wide range of users in an effort to simplify administration. That convenience becomes a vulnerability: every extra administrator is another account whose phished password or hijacked session gives full control. Elevated access should be the exception rather than the norm, granted for a documented reason and reviewed periodically. By assigning and regulating roles and permissions, businesses significantly reduce the damage from malicious activity, data breaches and accidental errors.

This focused approach also limits what a malicious or compromised insider can do. When permissions are kept narrow and monitored, it becomes far harder for anyone inside the organization to cause harm, make unauthorized changes, or reach data they have no business seeing. Ensuring that each individual only possesses the access they truly need makes the whole defense more resilient.
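What “only the access they truly need” looks like in practice, as an added example that is not from the original post: a small Python role model loosely shaped like a CMS such as WordPress (the role names and capability sets are an assumed simplification), an authorization check that denies by default, and an audit that compares what each account holds with what the person’s job actually requires and reports who should be demoted. The user list is constructed sample data.

```python
"""Role-based permissions with a least-privilege audit.

Added example, not from the original post. The roles and capabilities are an
assumed, simplified model loosely shaped like a CMS such as WordPress; the
user list is constructed sample data.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

# Each role is a strict superset of the one before it, so "the lowest role
# that still covers a set of capabilities" is well defined.
_SUBSCRIBER = frozenset({"read"})
_AUTHOR = _SUBSCRIBER | {"edit_own_posts", "publish_own_posts", "upload_files"}
_EDITOR = _AUTHOR | {"edit_others_posts", "publish_others_posts", "moderate_comments"}
_ADMIN = _EDITOR | {"install_plugins", "edit_users", "manage_options"}

ROLE_CAPS: dict[str, frozenset[str]] = {
    "subscriber": _SUBSCRIBER,
    "author": _AUTHOR,
    "editor": _EDITOR,
    "administrator": _ADMIN,
}
ROLE_ORDER = ["subscriber", "author", "editor", "administrator"]


@dataclass(frozen=True)
class User:
    name: str
    role: str
    needs: frozenset[str]      # capabilities the person's job actually requires


def can(user: User, capability: str) -> bool:
    """Authorization check: deny by default, allow only if the role carries it.
    An unknown role gets nothing, which is the safe failure mode."""
    return capability in ROLE_CAPS.get(user.role, frozenset())


def minimal_role(needs: frozenset[str]) -> Optional[str]:
    """Lowest role whose capability set covers everything in `needs`."""
    for role in ROLE_ORDER:
        if needs <= ROLE_CAPS[role]:
            return role
    return None                # no built-in role fits; define a custom one


def audit(users: list[User]) -> dict[str, str]:
    """Accounts holding more than their job requires, mapped to the role they
    should have. Accounts with a role the model doesn't know are reported too."""
    findings: dict[str, str] = {}
    for u in users:
        if u.role not in ROLE_CAPS:
            findings[u.name] = f"unknown role {u.role}"
            continue
        target = minimal_role(u.needs)
        if target is not None and ROLE_ORDER.index(u.role) > ROLE_ORDER.index(target):
            findings[u.name] = target
    return findings


# Constructed sample: the "everyone is an admin" situation the text describes.
SAMPLE_USERS = [
    User("alice", "administrator", frozenset({"manage_options", "install_plugins"})),
    User("bob", "administrator", frozenset({"read", "edit_own_posts", "publish_own_posts"})),
    User("carol", "editor", frozenset({"edit_others_posts", "moderate_comments"})),
    User("dave", "editor", frozenset({"read"})),
]


if __name__ == "__main__":
    for name, target in audit(SAMPLE_USERS).items():
        print(f"{name}: over-privileged, should be {target}")   # bob -> author, dave -> subscriber
    bob_now, bob_after = SAMPLE_USERS[1], User("bob", "author", SAMPLE_USERS[1].needs)
    print(can(bob_now, "install_plugins"), can(bob_after, "install_plugins"))   # True False
```

The audit is the part worth automating on a schedule: permissions drift upward over time (someone gets admin “just for this one task” and keeps it), and a periodic diff between held and needed access is how you notice before an attacker does.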

Leverage AI for Threat Detection

Online platforms generate far more log and event data than humans can monitor by hand. Machine learning tools can process that volume quickly and surface anomalies and patterns in real time (one source sending requests far above its normal rate, a burst of failed logins, traffic that doesn’t fit the site’s usual behaviour) that a person would miss but that may indicate an attack in progress.

AI can also speed up response: such tools can block an offending source, lock an account or raise an alert automatically in situations where every second matters. The caveat is that they are only as good as the baseline they learn and the tuning they receive; expect false positives at first, and keep a human in the loop for consequential actions such as blocking what turns out to be a customer.

Predictive use is the ambitious end of this: modelling likely attack vectors so that businesses can strengthen their systems before a threat materializes. Used with realistic expectations, AI isn’t merely a tool; it serves as an ally that lets a small team’s monitoring scale.
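To show what “identify anomalies in real-time data” means at its most basic, here is an added example (not from the original post) in Python: it parses web-server log lines, builds a per-source baseline (mean and standard deviation of request count and failed-login count) from a window believed to be benign, and flags sources whose behaviour in a later window departs from that baseline. This is a simple statistical baseline rather than a trained machine learning model, which is the floor any such tool has to clear; the log lines are constructed sample data, and treating a POST to /wp-login.php answered with 200 as a failed login is an assumption about the application.

```python
"""Flag anomalous request sources in web logs against a learned baseline.

Added example, not from the original post. A statistical baseline stands in
for the ML model the text describes. Log lines are constructed sample data
in a simplified combined-log format; the login-failure rule (POST to the
login path answered with 200) is an assumption about a WordPress-style app.
"""
from __future__ import annotations

import re
import statistics
from collections import defaultdict

# Client IP, timestamp, request line and status; the rest of the line is ignored.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
LOGIN_PATH = "/wp-login.php"        # assumption: WordPress-style login endpoint
FEATURES = ("requests", "failed_logins")


def per_source_features(lines) -> dict[str, dict[str, int]]:
    """Per client IP: request count and failed-login count. Assumption: a POST
    to the login path answered with 200 re-rendered the form (failure); a
    successful login redirects with 302."""
    feats: dict[str, dict[str, int]] = defaultdict(lambda: {"requests": 0, "failed_logins": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                                  # unparseable line, skip it
        f = feats[m["ip"]]
        f["requests"] += 1
        if m["method"] == "POST" and m["path"] == LOGIN_PATH and m["status"] == "200":
            f["failed_logins"] += 1
    return dict(feats)


class Baseline:
    """Mean and standard deviation of each feature over a benign window."""

    def __init__(self, lines, min_stdev: float = 1.0):
        feats = per_source_features(lines)
        self.stats: dict[str, tuple[float, float]] = {}
        for name in FEATURES:
            values = [f[name] for f in feats.values()] or [0]
            mean = statistics.fmean(values)
            stdev = statistics.stdev(values) if len(values) > 1 else 0.0
            self.stats[name] = (mean, max(stdev, min_stdev))   # floor avoids divide-by-zero

    def zscore(self, name: str, value: float) -> float:
        mean, stdev = self.stats[name]
        return (value - mean) / stdev


def detect(baseline: Baseline, lines, z_threshold: float = 3.0) -> dict[str, list[str]]:
    """Sources whose behaviour departs from the baseline, with the reasons."""
    findings: dict[str, list[str]] = {}
    for ip, f in per_source_features(lines).items():
        reasons = []
        for name in FEATURES:
            z = baseline.zscore(name, f[name])
            if z > z_threshold:
                reasons.append(f"{name}={f[name]} (z={z:.1f})")
        if reasons:
            findings[ip] = reasons
    return findings


def _line(ip: str, method: str, path: str, status: int) -> str:
    """Constructed sample log line, not real traffic."""
    return f'{ip} - - [15/Oct/2023:10:00:00 +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"'


def _traffic(ip: str, page_views: int, login_attempts: int, login_failures: int) -> list[str]:
    lines = [_line(ip, "GET", "/", 200) for _ in range(page_views)]
    lines += [_line(ip, "POST", LOGIN_PATH, 200) for _ in range(login_failures)]
    lines += [_line(ip, "POST", LOGIN_PATH, 302) for _ in range(login_attempts - login_failures)]
    return lines


# Training window: five ordinary visitors, the odd mistyped password.
TRAINING = sum((_traffic(f"198.51.100.{i}", pv, la, lf) for i, (pv, la, lf) in
                enumerate([(8, 0, 0), (8, 1, 1), (10, 0, 0), (10, 1, 1), (12, 0, 0)], 1)), [])

# Detection window: the same visitors plus one source hammering the login form.
DETECTION = sum((_traffic(f"198.51.100.{i}", pv, la, lf) for i, (pv, la, lf) in
                 enumerate([(9, 0, 0), (9, 1, 0), (10, 0, 0), (10, 1, 1), (13, 0, 0)], 1)), [])
DETECTION += _traffic("203.0.113.7", 5, 45, 45)     # 45 failed logins: credential stuffing


if __name__ == "__main__":
    for ip, reasons in detect(Baseline(TRAINING), DETECTION).items():
        print(ip, "->", "; ".join(reasons))          # only 203.0.113.7 is reported
```

Two design choices matter more than the arithmetic: the baseline is learned from a window you have reason to believe was clean (learn it from a window that already contains the attack and the attack becomes “normal”), and the standard deviation is floored so that a very uniform baseline doesn’t turn every small variation into an alert. Real tools add time windows, more features and a model that adapts, but they all still rest on this kind of per-source comparison.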

To Wrap It All Up

Cybersecurity Awareness Month in October is the perfect time to amplify your business’s online safety measures. Using strong and unique passwords for all logins, keeping software and plugins up to date, implementing SSL/TLS encryption, conducting and testing regular backups, limiting user permissions, and leveraging AI for threat detection are just a few ways you can safeguard your business.

By implementing these measures and by fostering a culture of cybersecurity awareness within your team, you will protect your company’s assets, its hard-earned reputation, and its promising future.

Ray Blakney has nearly two decades of business experience that have included starting, growing and leading over a dozen profitable companies along with hundreds of staff from across the USA and Latin America. His newest venture, Kairos Venture Studios, is on a mission to bring a fresh take to online businesses in the Latin American market by launching 12 new businesses in the region each year. A renowned business coach/mentor/advisor, Ray is also the creator of the 9 Year Letter™ Method (a goal-setting system for the 4 pillars of life – relationships, financial, health and fun). https://9yearletter.com/


17 Domain Seizures Linked To DPRK IT Workers’ Fraud Scheme Happened This Week

Posted in Commentary with tags on October 20, 2023 by itnerd

This is a follow-up to a story I wrote recently on this topic. This week the U.S. seized 17 website domains allegedly used by North Korean IT workers in a scheme to defraud U.S. and foreign businesses, ultimately funding the DPRK government’s weapons programs:

The United States said on Wednesday it has seized 17 website domains used by North Korean information technology workers in a scheme to allegedly defraud businesses, evade sanctions and fund the development of North Korea’s weapons program.

The seizures took place on Tuesday pursuant to a court order in Missouri, the U.S. Justice Department said in a statement.

The United States has alleged that North Korea oversees thousands of IT workers around the world, primarily located in China and Russia, with the aim of deceiving U.S. and other businesses worldwide into hiring them as freelance IT workers, in order to generate revenue for its weapons of mass destruction and ballistic missiles programs.

North Korea has “flooded the global marketplace with ill-intentioned information technology workers to indirectly fund its ballistic missile program,” the Justice Department said on Wednesday, urging employers to be cautious.

Related to that, there’s now additional guidance for US businesses to make sure that they don’t fall for North Korean IT workers trying to scam their way into US businesses.

Ken Westin, Field CISO, Panther Labs had this to say:

This deals in the realm of insider threat and isn’t something security should be responsible for alone; this type of threat requires collaboration between security and HR. In these cases either someone was not conducting background checks properly or at all, or the North Koreans did a really good job at opsec for these individuals with fake identification and more. Although the awning of money to North Korea is a concern, I think the larger threat is missed: we had potential North Korean spies in many organizations’ IT infrastructure with access to sensitive data, and one has to wonder if they weren’t also conducting cyber espionage.

As usual, the North Koreans are up to no good. Which means that everyone needs to be on the lookout for this scheme, or any other scheme they come up with, as they are clearly a very determined adversary.