Latest news with #KoreaInternet&SecurityAgency
Korea Herald
26-05-2025
- Business
- Korea Herald
Major S. Korean firms spend annual average of W2.9b on cybersecurity
South Korea's major companies spent an average of 2.9 billion won ($2.1 million) per year on information protection, industry data showed Monday. According to data from the Korea Internet & Security Agency and other sources, 10 local companies each invested over 100 billion won in cybersecurity over the past three years. Samsung Electronics Co. topped the list, spending a total of 712.6 billion won from 2021-2023, followed by telecom giant KT Corp., which invested 327.4 billion won during the same period. SK Telecom Co., the country's largest mobile carrier that recently suffered a large-scale data breach, came in third with 251.5 billion won in spending. Other companies in the top 10 include Coupang Inc., SK hynix Inc., LG Uplus Corp., Samsung SDS Co., Woori Bank, Naver Corp. and LG Electronics Inc. In 2022, the South Korean government mandated that companies operating network infrastructure or generating over 300 billion won in annual sales disclose their cybersecurity investment. A total of 746 companies reported their spending on information protection for 2023, investing a combined 2.1 trillion won, up from 1.5 trillion won by 658 firms in 2021. The average annual spending per company increased 24.5 percent from 2.3 billion won in 2021 to 2.9 billion won in 2023. However, experts warn that many South Korean firms remain highly vulnerable to cyberattacks due to relatively weak security capabilities. "In terms of investment, most companies in Korea have far lower security capabilities than SK Telecom, which was the latest victim of a cyberattack," one industry insider said. "Many are more vulnerable to advanced hacking techniques, and some may have already been breached without even knowing it. Companies need to stay alert and undergo thorough security checks." (Yonhap)
Korea Herald
21-05-2025
- Korea Herald
[Editorial] Hole in cybersecurity
SK Telecom breach dates back 3 years; Malware indicates China-based hacking The nation was jolted by interim probe findings that personal information and universal subscriber identity module or USIM data of practically all subscribers of SK Telecom may have been leaked by hackers. The cyberattack dated back about three years and turned out to be much more extensive than revealed in the initial briefing, according to the second briefing Monday by a joint investigation team of the Ministry of Science and ICT and the Korea Internet & Security Agency. SK Telecom discovered the breach about a month ago, on April 18. Leaked USIM data amounted to 9.82 gigabytes. which equates to roughly 26.9 million units of international mobile subscriber identity or IMSI numbers. This means that the USIM data of practically all SK Telecom subscribers has been leaked. Currently, it has 25 million subscribers, including 2 million budget phone users. A total of 23 SK Telecom servers were found to be compromised by malware, up from the five disclosed in the previous briefing held on April 29. The number of malware variants found to have infected the servers increased from four to 25. Among the affected servers, two had been used as temporary storage for personal data, such as names, birthdates, phone numbers and email addresses, as well as data on international mobile equipment identity or IMEI, a serial number assigned to every mobile phone. The possibility of financial fraud and other forms of secondary damage from copy phones has gone up. Investigators found that hackers planted malware on June 15, 2022. It is shocking that not only the telecom carrier but also the government and private cybersecurity firms had remained in the dark about the malware's infiltration for about three years. There is another problem. How much damage the cyberattack will cause down the road is anyone's guess. SK Telecom reportedly keeps log data for the last four or five months. So, no log data is available for the period from June 15, 2022, when malware was first planted, to Dec. 2, 2024. Fortunately, no evidence was found showing any data leakage between Dec. 3, last year and April 24 of this year, but investigators could not confirm whether any leaks occurred during the period for which log data is not available. It is worth noting that 24 of the 25 malware variants detected this time were found to be BPFDoor, a backdoor reportedly used by China-based hackers to attack Middle Eastern and Asian telecom companies in recent years. Experts warn that this malware could be used for a cyberattack on the communication infrastructure of a country. Given that data on all SK Telecom subscribers may have been leaked for as long as three years, the breach is not likely to emerge as a simple hacking case. It is uncertain whether the incident was an organized cyberattack to cripple the communication system of a country rather than an attempt to steal money. Considering the cyber intrusion was not detected for so long, anybody can guess a similar thing may be happening at other communication networks or major institutions. Communication infrastructure is one of the cruxes of state administration. Cyberattacks could paralyze it secretly, plunging a nation into chaos. The SK Telecom breach reconfirms how vulnerable South Korea has become to such vital attacks. SK Telecom bears the primary responsibility for protecting its system from hacks, but the government needs to check the nation's cybersecurity this time. Also, the National Assembly should do its part to help telecom carriers fend off cyber infiltrations from abroad. One of the laws that it needs to revise is its espionage law, which only punishes spying activities done for North Korea. Recently, two Chinese nationals were caught photographing fighter jets near air bases in South Korea but released after telling police that photographing was their hobby. Police say there was no evidence that they did so for North Korea. China or the US would likely respond quite differently. For a nation to keep its sovereignty, security must be tight, cyber or not.
Korea Herald
22-04-2025
- Korea Herald
SK Telecom systems breached in cyberattack
SK Telecom, the country's largest telecommunication firm, confirmed Tuesday that its internal systems had been breached by a hacking attack, indicating a possible data leak involving USIM cards. The company said it had reported the case to the Korea Internet & Security Agency, adding that there have been no confirmed cases of the leaked information being misused. The mobile carrier detected suspicious activity around 11 p.m. on Saturday, indicating that hackers had infiltrated its internal systems and installed malware. Upon detection, the company said it immediately removed the malware, isolated affected equipment and launched a full-scale investigation across its systems. As a precautionary measure, the company is also reinforcing its defense against illegal USIM swaps and abnormal authentication attempts. The company said it will also offer a USIM protection service free of charge to customers upon request. "We will strengthen our company-wide security system to prevent recurrence and implement measures to restore customer trust," SK Telecom said in a statement. Following the incident, the Ministry of Science and ICT and KISA have launched an investigation into the scope and cause of the data breach, while also forming an emergency response team. "We have requested that SK Telecom preserve and submit relevant data related to the breach, and KISA experts have been dispatched to the site to provide technical support aimed at identifying the cause and preventing further damage," the ICT Ministry said. If the incident is deemed a violation of Article 29 of the Personal Information Protection Act, which mandates implementation of security measures, SKT could face legal sanctions. Under Article 64-2 of the Act, fines of up to 3 percent of the related revenue may be imposed. If the breach is deemed minor, authorities may opt to impose an administrative fine rather than pursue harsher penalties. Under the Enforcement Decree of the Personal Information Protection Act, leaks involving over 1,000 records can result in fines of up to 50 million won ($35,200), with the amount adjusted based on the nature and severity of the violation.
Korea Herald
22-04-2025
- Korea Herald
SK Telecom reports hacking incident involving partial leak of user USIM data
SK Telecom Co., South Korea's leading mobile carrier, said Tuesday it has reported a hacking incident involving the partial leakage of information related to customers' universal subscriber identity module data. The company confirmed that it detected signs of unauthorized network access on Saturday, triggered by malicious code apparently inserted by an unidentified hacker. SK Telecom said it has launched a full investigation into the breach. No cases of misuse have been reported so far. Upon identifying the breach, the company said it immediately deleted the malicious code and isolated the network system in question. It also notified the Korea Internet & Security Agency and the Personal Information Protection Commission of the incident. The company has published a notice on its website informing customers of the breach while offering USIM protection services free of charge for customers who wish to take security measures. (Yonhap)
Forbes
25-03-2025
- Forbes
Samsung Updates Millions Of Galaxy Phones To Stop Attacks
Is this the fix we're waiting for? Your phone is now at risk from Chinese attacks sweeping across America from 'state to state.' These threats come by way of malicious texts crafted to steal your money and even your identity. But if you're a Galaxy owner, maybe Samsung has the fix. The Galaxy-maker has been working on a solution for malicious texts with Korean communication and security agencies since last year. Now it is hitting users' devices. Per local reports, the Korea Communications Commission has confirmed 'it has developed an 'AI based malicious message blocking feature' in collaboration with the Korea Internet & Security Agency (KISA) and Samsung.' This will come with Android 15 and One UI 7, and unsurprisingly the new Galaxy S25 will get it first. It will then be available to other flagships once they're upgraded. This arrives in Korea as American media warns SMS scams are 'out of control across the U.S., and Apple, Android can't do anything to stop it.' It needs a wider deployment. This new security update 'is an AI-based technology that automatically blocks messages containing suspicious content on smartphones. It categorizes and blocks illegal spam messages that include sender numbers deemed to be malicious and risky links (URLs).' If that works as billed, then Samsungs may be first to kill the road toll, undelivered packages and other smashing attacks now 'spiraling out of control' in America. Attackers rotate numbers to beat blocks. But these are driven by phishing kits and include malicious links from clearly dubious URLs and telltale wording. This should be child's play for sophisticated on-device AI to eradicate once and for all. Clearly this will need to be adapted for regional variations, but this is AI and should be able to adapt to widen its aperture as it rolls out more widely. Between this and Google's new anti scam defenses that are coming first to Pixels, users will be better protected. The recent federal, state and local law enforcement warnings for Americans to delete these texts which seem to easily bypass current defenses has raised the profile of so-called smishing. The pressure is now on phone maker as to deploy solutions. When it goes live in Korea, 'users can selectively unblock or check blocked malicious messages, messages blocked by AI, and messages they have blocked in case they need to receive automatically blocked messages.' We await news on any wider rollout.
