South Korea ranks as the most targeted country after US and Ukraine, US cyber firm reveals

South Korea ranks as the most targeted country after US and Ukraine, US cyber firm reveals
Luke McNamara, a principal analyst at Google owned cybersecurity firm Mandiant, is speaking during a media briefing at Google’s South Korean branch on Tuesday. Photo by Kuksung Nam, The Readable

By Kuksung Nam, The Readable
Aug. 29, 2023 7:28PM GMT+9

South Korea stands as one of the countries most frequently targeted by cybercriminals, trailing only behind the United States and Ukraine, an expert at a U.S. cybersecurity company revealed on Tuesday.

Luke McNamara, a principal analyst at Mandiant, a cybersecurity firm owned by Google, revealed during a press briefing at Google’s South Korean office that South Korea ranked third on the company’s “cyber threat risk score.” Drawing from both internal and public data from last year, the U.S.-based firm evaluated the cyber threat levels in twenty-five countries, excluding China and Russia.

According to McNamara, the “cyber threat risk score” considers both the frequency and potential impact of the attacks that a given country experiences. These attacks can vary in nature, encompassing everything from cybercrime and cyberespionage to information operations and hacktivism. For instance, while a country may frequently face distributed denial of service (DDoS) attacks, these may not be as devastating as malware attacks which target the operational technology used in critical infrastructure.

“It tells you what sort of neighborhood you are in. Are you in a very dangerous neighborhood or a safe neighborhood?” said McNamara. “But it does not say anything about the quality of the locks on your door or how secure your organization is.”

The expert attributes South Korea’s elevated risk status primarily to hacking groups operating under the auspices of the North Korean government. “I believe most of it was state-based espionage. A lot of it was driven by the North Korean threat,” McNamara explained to The Readable.

In addition, the principal analyst shed light on a North Korean hacking group’s engagement with cutting-edge artificial intelligence technologies. According to the expert, the group, commonly known as Kimsuky, has displayed a keen interest in large language models. However, he noted that the firm is still investigating the group’s intended purpose and application for these technologies.

“North Korean threat actors are always very creative, and they are always looking for new ways to exploit the target,” said McNamara to The Readable. “Threat actors across all different types of motivations will often focus on the simplest way to do something. This is always something to keep in mind when we think about new technologies.”

Kuksung Nam is a journalist for The Readable. She has extensively traversed the globe to cover the latest stories on the cyber threat landscape and has been producing in-depth stories on security and privacy by engaging with industry giants, foreign government officials and experts. Before joining The Readable, Kuksung reported on politics for one of South Korea’s top-five local newspapers, The Kyeongin Ilbo. Her journalistic skills and reportage earned her the coveted Journalists Association of Korea award in 2021 for her essay detailing exclusive stories about the misconduct of a former government official. She holds a Bachelor’s degree in French from Hankuk University of Foreign Studies, a testament to her linguistic capabilities.