[Weekend Briefing] South Korea gears up for cybersecurity

By Kuksung Nam and Dain Oh, The Readable
Jul. 15, 2022 7:13PM KST

Hello, this is Kuksung Nam and Dain Oh for The Readable. July is the month of cybersecurity in South Korea, and this year’s commemoration attracted unprecedented attention because the president of South Korea attended the event in person for the first time. Cybersecurity has become one of the most important issues in Korea, like in many other countries, and we have seen great progresses, especially this week. Among them, we picked five news stories for you. Enjoy our briefing and have a beautiful weekend!

1. South Korean President Attends Cybersecurity Commemoration

South Korean President Yoon Suk-yeol attended an annual cybersecurity commemoration, which was held in the Pangyo Information Security Cluster on July 13. It was the first time for a president of South Korea to attend this event in person in eleven years. During his speech, President Yoon promised that the government will foster cybersecurity into a strategic industry by educating 100,000 talented personnel, specializing in cybersecurity. In addition, he emphasized that the government will focus on building an information sharing system between the public and private sectors in order to effectively respond to cyber threats. The annual cybersecurity commemoration was first held in July 2012, when the South Korean joint ministries announced that they would set a cybersecurity anniversary on every second Wednesday of July. In July 2009, South Korea suffered a massive distributed denial-of-service (DDoS) attack, which paralyzed some of the major websites in the nation, including government and financial institutions.

2. South Korea Slams Government Workers Over Personal Data Misuse

The South Korean government Thursday said it will show no mercy to government workers who abused confidential databases to get personal information on ordinary people. “If a government employee deliberately breaches or misuses the private information of the public, that worker will face termination under the ‘one strike you’re out policy,’” the Personal Information Protection Commission said in a statement. The strict policy came after several criminal cases involving abuses of confidential databases by state employees occurred over recent years. Especially last year, South Korean police discovered that from January 2020 to October 2021, a state employee delivered personal information that he obtained through the state’s vehicle database to a private investigator whom he met on Telegram. The private investigator sold one piece of information to a twenty-five-year-old South Korean male who used that information to commit a crime, according to a local media report.

3. South Korea Takes a Step Forward to Protect Child Privacy Online

The Personal Information Protection Commission (PIPC) on Monday said that the South Korean government is pushing actions and policies to help safeguard children’s privacy online. According to the 19-page “Child and Youth Personal Information Protection Master Plan” issued by the PIPC and other government agencies on July 11, the South Korean government is preparing to enact a law that enables young people to request erasure of digital information about themselves until 2024. The digital footprint includes third party posting such as cyberbullying and “Sharenting,” the online sharing of private information about a child by their parents or other caregivers. Content that is undergoing criminal investigation or is part of a trial is excluded from the right to be deleted. “We have not made the decision whether to enact a new law or reform a current law,” said the official of PIPC’s personal information protection policy division. Prior to the enactment of the rights to be forgotten, South Korean officials are preparing to launch a pilot program next year aimed at helping young people delete or blind the content they have created.

4. Seoul National University Hospital Reports Additional Data Breach of Patients' Information

Notifications are going out to the patients of one of the largest hospitals in South Korea whose personal information may have been compromised in a data breach in June 2021, according to a local news report on Wednesday. The Seoul National University Hospital confirmed that an additional data breach was discovered while investigating the cyber-attack that happened last year. The hospital suffered a data breach last June where the attacker executed a malicious code and accessed patients’ personal information. The local news reported that approximately seven thousand patients who received care at Seoul National University Hospital were affected by the attack. A statement from the hospital on its official website last week said that the breached data could include patients' names, ages, birth dates, account numbers, dates of service, diagnosis, and test results. “Resident registration numbers, phone numbers, addresses, and test results such as pictures were not included in the breached data,” the statement said.

5. LockBit Ransomware Rules the Scene

The Readable published a special report on the LockBit ransomware on July 12. LockBit has become a major threat to cybersecurity, dominating 34.3% of the entire ransomware scene. It has made phenomenal progress in just three years, considering that LockBit was barely known in 2020. Now, LockBit is far ahead of the other ransomware groups, such as Conti and BlackCat, victimizing 383 companies around the world so far this year. According to analysis by S2W, a total of 870 organizations were hit by LockBit during the last three years. LockBit’s new version of ransomware, LockBit 3.0, is active in the wild. The group went through beta testing for the 3.0 version and is holding a bug bounty to fortify its own cybersecurity. The group shows excessive confidence, while having copycats make use of LockBit's name. The news article was a collaboration between The Readable and Maeil Business Newspaper, which is the most circulated business newspaper in South Korea. You can find more details in the original reporting by The Readable.


Photo by the Office of the 20th President of South Korea

Kuksung Nam is a cybersecurity journalist for The Readable. She covers cybersecurity issues in South Korea, including the public and private sectors. Prior to joining The Readable, she worked as a political reporter for one of the top-five local newspapers in South Korea, The Kyeongin Ilbo, where she reported several exclusive stories regarding the misconduct of local government officials. She is currently focused on issues related to anti-fraud, as well as threats and crimes in cyberspace. She is a Korean native who is fluent in English and French, and she is interested in delivering the news to a global audience.

Dain Oh is an award-winning cybersecurity journalist based in South Korea and the founding editor-in-chief of The Readable by S2W. Before joining S2W, she worked as a reporter for The Electronic Times, the top IT newspaper in Korea, covering the cybersecurity industry on an in-depth level. She reported numerous exclusive stories, and her work related to the National Intelligence Service led to her being honored with the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology in a unanimous decision. She was also the first journalist to report on the hacking of vulnerable wallpads in South Korean apartments, which later became a nation-wide issue.