South Korea stands as one of the countries most frequently targeted by cybercriminals, trailing only behind the United States and Ukraine, an expert at a U.S. cybersecurity company revealed on Tuesday.
Luke McNamara, a principal analyst at Mandiant, a cybersecurity firm owned by Google, revealed during a press briefing at Google’s South Korean office that South Korea ranked third on the company’s “cyber threat risk score.” Drawing from both internal and public data from last year, the U.S.-based firm evaluated the cyber threat levels in twenty-five countries, excluding China and Russia.
According to McNamara, the “cyber threat risk score” considers both the frequency and potential impact of the attacks that a given country experiences. These attacks can vary in nature, encompassing everything from cybercrime and cyberespionage to information operations and hacktivism. For instance, while a country may frequently face distributed denial of service (DDoS) attacks, these may not be as devastating as malware attacks which target the operational technology used in critical infrastructure.
“It tells you what sort of neighborhood you are in. Are you in a very dangerous neighborhood or a safe neighborhood?” said McNamara. “But it does not say anything about the quality of the locks on your door or how secure your organization is.”
The expert attributes South Korea’s elevated risk status primarily to hacking groups operating under the auspices of the North Korean government. “I believe most of it was state-based espionage. A lot of it was driven by the North Korean threat,” McNamara explained to The Readable.
In addition, the principal analyst shed light on a North Korean hacking group’s engagement with cutting-edge artificial intelligence technologies. According to the expert, the group, commonly known as Kimsuky, has displayed a keen interest in large language models. However, he noted that the firm is still investigating the group’s intended purpose and application for these technologies.
“North Korean threat actors are always very creative, and they are always looking for new ways to exploit the target,” said McNamara to The Readable. “Threat actors across all different types of motivations will often focus on the simplest way to do something. This is always something to keep in mind when we think about new technologies.”
