By Bruce Sussman
Wed | Jun 13, 2018 | 11:37 AM PDT

The historic handshake and meeting between President Trump and Kim Jong-un is over.

But what about the surge in malware that very likely slammed Singapore where the summit was held? Has that subsided?

I'm wondering about this because of an interview I did last week with an intriguing research scientist at one of our regional cybersecurity conferences, SecureWorld Chicago.

Kenneth Geers is the Chief Research Scientist for Comodo Security Solutions, and he's tracked sudden spikes of malware that follow Donald Trump around the globe, along with similar spikes that followed former Secretary of State Rex Tillerson.

Spikes in malware also happened when Trump launched a war of words against North Korea and when Kim Jong-un launched missiles over Japan. The list goes on and on.

"Malware is super dynamic, it's changing all the time, but it is a reflection of human affairs," says Geers. You really should listen to this brief interview:

"In the case of North Korea, I dropped it (the malware spike) on a timeline and then there was one huge spike in the middle of the year and literally, it was the day after Donald Trump was at the UN threatening to destroy North Korea," he says.

"And one of the things I found is that the single highest day for malware detection in North Korea was the very day that Donald Trump was in South Korea. Those are not coincidences."

He shared other examples during our interview.

Why malware spikes when Trump, Kim, or other world leaders act

There could be a few reasons malware rates spike around prominent world leaders. Perhaps it's because their visits, controversial statements, or actions shine a light on a specific place.

Another theory Geers has? Reconnaissance plays a huge part in each spike.

"My basic hypothesis in this kind of geopolitical analysis is that we’re looking at cyber espionage. When there’s a really big event like a North Korean missile launch over Japan, there’s at least a dozen intelligence services that are very interested in gathering information very quickly on what’s happening."

For your organization: an additional way to think of malware

So what are you supposed to do with this information that malware attacks skyrocket with major geopolitical events? 

Says Geers, "Know, for your enterprise, if there is something happening in your city or state, or an election or military tension between your country and another, there will be malware that is on the rise, I can promise you that, within your space."

This means you can give your security team a heads up to watch for malware spikes when a big event hits your corner of the world or involves your organization.

"I love understanding how it works from a who and why. Malware is always written by a threat actor for a particular purpose."

And you can bet that Kenneth Geers is on the case, trying to figure out what the purpose is, where the malware spikes are happening, and what we can learn from it all.

[Image: Kirkchai Benjarusameeros / Shutterstock.com]
