“Weekend Briefing” is a weekly newsletter sent to subscribers of The Readable every Friday. Our journalists select important news items from the previous week on topics ranging from privacy to policy development in cybersecurity, all to help you stay abreast of the latest breaking issues. And not only is this provided free of cost to our subscribers, but the briefing contains new content exclusive to subscribers, such as our insightful industrial reports.
As one of the earliest entrepreneurs in modern Korean history, Hyundai Group’s founder Chung Ju-yung remains a symbol of success more than two decades after his death in 2001. Throughout the legendary journey of the company’s remarkable growth, Chung left numerous quotes about success, often accompanied by real-life episodes. One such example is his statement, “Anything is possible for a person who thinks it is possible,” made during Hyundai’s construction of Saudi Arabia’s Jubail Port in 1976.
Chung was born in 1915 in a small village called Asan. The name of the village became his pen name and is now included in all organizations established by his legacy, including the Asan Institute for Policy Studies. Founded in February 2008, this independent research organization has become one of the most influential think tanks in South Korea. This week, in collaboration with the Washington-based Center for a New American Security (CNAS), the Asan Institute for Policy Studies held a Cybersecurity Forum. The event featured critical analyses of the cyber landscape, with top officials and experts from the Indo-Pacific region serving as panelists. I witnessed how Chung Ju-yung’s legacy continues to influence the realm of cybersecurity, which may be the most significant challenge of our time.
Six additional stories cover topics such as phishing, spyware, children’s data, zero-day vulnerabilities, and internet of things (IoT) security. Brilliant reporters on my team delved into each subject, meeting with top experts in their respective fields. We hope you enjoy our findings.
This is Dain Oh reporting from South Korea, and here is your weekend briefing.
1. Top think tanks in South Korea and US discussed cybersecurity amid global tensions
Seoul, South Korea―Two prestigious think tanks, one based in South Korea and the other in the United States, convened in Seoul on Thursday to explore the current state of the cyber landscape in the Indo-Pacific region amidst shifting geopolitical power dynamics.
On June 27, the Asan Institute for Policy Studies, in collaboration with the Center for a New American Security (CNAS), hosted a Cybersecurity Forum in Seoul, drawing dozens of in-person participants. Both organizations are renowned as independent and non-partisan think tanks, wielding significant influence in shaping policy strategies within the domains of national security and international relations.
Earlier in the day, senior officials in the cybersecurity sector from both countries held a closed-door meeting at the Asan Institute for Policy Studies. The afternoon session was open to the public, welcoming journalists and researchers alike.
During the forum, expert strategists from both organizations voiced concerns about North Korea potentially escalating its cyber activities following the Putin-Kim summit, noting that the alliance could serve as a confidence-building opportunity for North Korea. READ MORE
2. Privacy expert highlighted regulation as key to protecting children’s data
On Tuesday, a privacy expert emphasized the crucial role that regulation plays in protecting the personal information of children, as they lack awareness of the potential risks associated with their online activities, leaving them especially vulnerable to exploitation.
In an online interview, Graham Doyle, Deputy Commissioner and Head of Corporate Affairs, People & Learning, Media and Communications at the Irish Data Protection Commission (DPC), discussed four significant decisions made by the organization since its inception in 2018. To date, the DPC has concluded 51 decisions after thorough investigations.
Among the four cases discussed in the interview, the deputy commissioner noted two decisions related to children’s personal information on the social media platforms Instagram and TikTok. In September 2022, following a two-year investigation, the Irish privacy watchdog imposed a fine of €405 million ($440 million) on Meta Platforms’ Irish arm, the parent company of Instagram. Their findings revealed that children’s private information, such as email addresses and phone numbers, was exposed publicly online to users of Instagram business accounts. READ MORE
3. Expert advocates global cooperation for transparent spyware ecosystems
A cybersecurity expert emphasized the importance of international cooperation to ensure transparency in the surveillance software ecosystem, asserting that such collaboration is crucial to prevent the unethical use of covert technologies, which, if left unchecked, could lead to irreversible consequences such as loss of privacy and erosion of public trust in governing institutions.
Yoon Sang-pil, a research professor at the School of Cybersecurity at Korea University, discussed real-world cases where surveillance software has been used in countries like Mexico and Saudi Arabia to suppress journalists and violate private citizens’ civil liberties. He delivered this speech during the inaugural Cybersecurity Law Forum, hosted by the Law and Policy Research Committee of the Korean Association of Cybersecurity Studies (KACS).
The research professor raised grave concerns about the potential impact of spyware on civil society. Notably, such surveillance technology is not limited to authoritarian regimes but also infiltrates democratic countries. READ MORE
4. Expert warns of Chinese hackers targeting APAC with zero-day vulnerability
Chinese nexus threat groups are showing increased interest in exploiting zero-day vulnerabilities, raising alarm across the Asia-Pacific region, which is a primary target for these malicious attacks, according to a cybersecurity expert on Tuesday.
Alex Shim, the consulting leader for South Korea and Japan at Mandiant, a Google-owned cybersecurity firm, highlighted prominent threats targeting the APAC region during a press briefing at Google’s South Korea branch. His presentation was based on findings from the company’s annual report, “M-Trends,” which analyzed global threats over the past year.
The expert emphasized the increasing focus of Chinese hacking groups on exploiting zero-day vulnerabilities—unknown security flaws that can be abused undetected, leaving developers no time to patch them. In particular, he highlighted the activities of a suspected Chinese cyber espionage cluster, designated by the company as an uncategorized (UNC) threat group 4841. Mandiant classifies threat actors as UNC if they do not fall into either the advanced persistent threat (APT) or financially motivated (FIN) categories. READ MORE
5. Securing IoT devices: The need for universal standards
On June 18, Jerome Hamel, head of Cybersecurity Technical Governance at Bureau Veritas Consumer Products Services (CPS), addressed the vulnerabilities of internet of things (IoT) consumer products at the ‘IoT Cybersecurity Seminar‘ hosted by ICTK, a South Korean security design firm. Hamel identified IoT devices as the weakest link in cybersecurity.
Hamel emphasized the fragmented nature of current IoT device regulations and the necessity for global standards. He suggested essential measures, such as enforcing strong passwords, disabling unused features before release, and mandatory device patching. According to Hamel, the lack of security considerations during the design phase—often because the designers are not cybersecurity experts—contributes to inadequate security measures. He predicted that global regulations would eventually become mandatory as cyber threats are universal and affect all nations. However, it is important to implement these standards as soon as possible to mitigate the growing threats. Hamel noted that many countries with existing regulations share similar foundational principles, which could serve as a basis for future unified standards. READ MORE
6. South Korea explores global future of quantum technology at annual event
Ilsan, South Korea―South Korean research institutions hosted an event aimed at exploring the future of quantum security, computing, and sensing.
Quantum Korea 2024 is a global event bringing together international quantum-related companies, researchers, and government organizations to discuss the latest trends in quantum technology innovation. This year marked the second convening of the event, which was held from June 25 to 27 in Ilsan, South Korea.
The event’s theme, “Quantum Connect,” emphasized the integration of quantum principles into everyday thinking, feeling, and communication. Key topics included quantum sensing, quantum computing, and quantum networking, with all topics highlighting various aspects of quantum technology. READ MORE
7. Qshing: The rising threat of QR code-based phishing
A QR code, short for Quick Response code, is a type of barcode that can be scanned by a smartphone to swiftly retrieve various types of information. It finds applications across numerous everyday scenarios such as making payments, purchasing electronic tickets, obtaining Wi-Fi access, and sharing business card details.
QR code technology was first developed in 1994 by Denso Wave, a Japanese automotive products company, primarily for tracking and managing car parts. Since then, its usefulness has expanded to include a variety of industries and applications, always for the purpose of sharing information efficiently. For example, during the COVID-19 pandemic, the QR code emerged as a valuable tool for identifying and verifying individuals. READ MORE
More stories this week…
8. [WSJ] IRS Apologizes to Billionaire Ken Griffin for Leak of Tax Records
9. [WP] $10M offered for Russian accused in ‘WhisperGate’ malware attack on Ukraine
10. [Reuters] Microsoft informs customers that Russian hackers spied on emails
11. [AP] Indonesia says a cyberattack has compromised its data center but it won’t pay the $8 million ransom
12. [Breaking Defense] China ‘actively’ targeting US industrial base, warns CYBERCOM chief
