Cybersecurity News that Matters

Cybersecurity News that Matters

[Weekend Briefing] Korean telecom giant leaked its staff information onto the dark web

by Dain Oh, Areum Hwang, Kuksung Nam

Sep. 30, 2022
10:55 AM GMT+9

Hello, this is Dain Oh and Kuksung Nam in South Korea. The Readable has picked four news stories for you. Have a great weekend!

1. Korean telecom giant leaked its staff information onto the dark web

One of the largest telecommunication companies in South Korea was confirmed to have leaked its employees’ personal information onto the dark web, which led to a government institution imposing penalties on the company on Wednesday.

LG Uplus, the third largest mobile operator in South Korea, was fined 6 million won ($4200) for a security violation which let its employees’ login credentials be exposed to the dark web. The security breach was first reported by a local journalist in December of last year, and an investigation followed when LG Uplus disclosed the incident to the Korea Internet & Security Agency under the nation’s privacy law.

According to a press release by the Personal Information Protection Commission, a hacker was able to access some of the internal webpages of LG Uplus without logging in. Through a structured query language injection, a type of cyberattack which a hacker uses to steal information from a victim’s database, the hacker acquired sensitive information of the company’s employees, including email addresses and passwords. Later, the hacker, whose ID was “mont4na,” uploaded the information to the dark web, intending to sell it.

Besides LG Uplus, the PIPC put sanctions on nine different organizations which were all found to have broken the privacy law. “Security breaches of personal information have been caused by not only an external attack, but also an internal mistake,” said Yang Cheong-sam, an investigation and coordination bureau director-general of the PIPC. “To prevent further breach, organizations should monitor their security posture constantly and educate employees in order to enhance their security awareness.”

2. Cyberattacks against small businesses surge in Korea

Almost nine out of 10 companies which suffered from cyberattacks in South Korea turned out to be small and midsized businesses, according to a press release by a congresswoman in the country. Her Eun-a, a member of the National Assembly of South Korea, disclosed a report on Thursday which was submitted by the Ministry of Science and ICT and the Korea Internet & Security Agency regarding cybersecurity incidents which occurred from January 2019 to August 2022.

While the total number of security breaches increased, small businesses experienced more cyberattacks than large businesses. According to the report, 665 small businesses reported cyberattacks, consisting 88% of the entire victims this year. Moreover, the number of victims in small and medium businesses have dramatically increased over the last four years. In 2019, 386 small and medium sized businesses reported a breach. The number kept growing until it reached 655 so far this year.

The total number of cyberattacks reported by South Korean companies was 738 this year, an increase of 76% compared to 2019. Among the types of cyberattacks that were reported, system hacking was found to be the most prevalent attack that South Korean businesses experienced this year, with a record of 428. Attacks that utilized malicious codes, including ransomware, came second. Distributed-denial-of-service attacks were also deployed to compromise businesses.

“The government has failed to suggest damage assessment standards for victims of cyberattacks, which leads to the failure of aggregating the nation’s damage,” said Her Eun-a. “To make the nation safer, the government should cooperate with the private sector and add more manpower to cybersecurity response.”

3. Hacking attempts targeting Korean military triple over five years

Designed by Areum Hwang, The Readable

South Korean military detected 42,847 cases of attempted hacking on its computer network from 2017 to 2021. More than eleven thousand hacking attempts were conducted last year trying to break into the military’s computer network, which is almost three times more than five years ago.

According to a press release on Tuesday by Lim Byung-heon, a member of the South Korean National Assembly’s defense committee, who received the data from South Korea Cyber Command, websites were the number one target for the attackers who tried to gain access to the South Korean military’s computer system. To read the original reporting, click here.

4. Korea, U.S. research teams join forces to fight ransomware

Source: Park Ki-woong, Sejong University

Cybersecurity researchers in South Korea and the United States will put their heads together with an aim to restrain ransomware attacks around the world. According to a press release by Sejong University, researchers at four different institutions of cybersecurity located in South Korea and the United States, including the University of Virginia and MITRE, will cooperate on ransomware research for the next two years.

The main objective of the research is to build an international platform for the sharing of information related to ransomware. To read the original reporting, click here.

Subscription

Subscribe to our newsletter for the latest insights and trends. Tailor your subscription to fit your interests:

By subscribing, you agree to our Privacy Policy. We respect your privacy and are committed to protecting your personal data. Your email address will only be used to send you the information you have requested, and you can unsubscribe at any time through the link provided in our emails.

  • Dain Oh
    : Author

    Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expe...

    View all posts
  • Areum Hwang
  • Kuksung Nam
    : Author

    Kuksung Nam is a journalist for The Readable. She has extensively traversed the globe to cover the latest stories on the cyber threat landscape and has been producing in-depth stories on security and...

    View all posts
Stay Ahead with The Readable's Cybersecurity Insights