Cybersecurity News that Matters

Cybersecurity News that Matters

[Weekend Briefing] Integrity, first and always

Illustration by Areum Hwang, The Readable

by Dain Oh

Aug. 23, 2024
11:00 PM GMT+9

“Weekend Briefing” is a weekly newsletter sent to subscribers of The Readable every Friday. Our journalists select important news items from the previous week on topics ranging from privacy to policy development in cybersecurity, all to help you stay abreast of the latest breaking issues. And not only is this provided free of cost to our subscribers, but the briefing contains new content exclusive to subscribers, such as our insightful industrial reports.


I have always admired the word ‘integrity.’ Its sound and shape evoke a sense of power and elegance whenever I think of it. According to the Oxford Dictionary, integrity means both ‘the quality of being honest and having strong moral principles’ and ‘the state of being whole and undivided.’ I find the latter definition particularly compelling. My commitment to cybersecurity journalism reflects my appreciation for integrity. In our hyperconnected, technology-driven world, cybersecurity plays a crucial role in keeping our society whole, strong, and elegant.

This week, our reporters covered international efforts to enhance cybersecurity, including developments related to the Paris Olympics. I have also included several recent investigative articles by Minkyung Shin and Hongeun Im for those of you who haven’t had a chance to read them yet.

This is Dain Oh reporting from South Korea, and here is your weekend briefing.

1. 2024 Paris Olympics: Prime target for international cyberattacks

Illustration by Daeun Lee, The Readable

As the 2024 Paris Olympics, the world’s premier sports event, unfolded with 184 participating countries and 10,500 athletes competing before an audience of nearly 300 million, it also became a focal point for unprecedented international cyberattacks. Over the course of the 17-day event, the massive online presence and high-profile nature of the Games made it a prime target for cybercriminals seeking to exploit vulnerabilities and disrupt the global spectacle.

The French government’s cybersecurity agency, ANSSI, reported a total of 141 cyberattacks during the Games. Of these, 119 were low-impact security events, while 22 involved malicious actors successfully compromising victims’ information systems. The attacks primarily targeted sports events, infrastructure, transportation, telecommunications, and government agencies.

On June 6, Google Cloud noted in its blog that “the security community (was) better prepared for the cyber threats facing the Paris Olympics than it (had) been for previous Games, thanks to insights gained from past events.” Despite this, the report emphasized that the cyber threats were highly sophisticated and complex. It highlighted Russia as a high-risk actor, with China, Iran, and North Korea categorized as medium to low risk. Moreover, the firm detailed that attacks were directed at various elements, including event organizers, sponsors, ticketing systems, Paris’s cyber infrastructure, and both athletes and audience members. READ MORE

2. Google and Australia partner to enhance critical infrastructure security

Illustration by Areum Hwang, The Readable

Google and Australia are collaborating to reinforce software security for critical infrastructure as cyberattacks become increasingly frequent.

On Thursday, Google Cloud announced in its blog post that the Google Open Source Security Team (GOSST) and Google Cloud will work together on a research partnership with the Commonwealth Scientific and Industrial Research Organization (CSIRO), Australia’s national science agency.

The partnership aims to bolster cybersecurity for Australia’s critical infrastructure, including hospitals, financial systems, electricity grids, and data storage facilities, among other essential systems.

The research will focus on developing artificial intelligence-powered tools to detect and analyze vulnerabilities in open-source software used across various critical infrastructure sectors in Australia. Open-source software, which allows anyone to freely use and modify its source code, is widely utilized in these sectors but is also prone to security vulnerabilities. Google and CSIRO aim to deliver solutions to effectively manage these risks. READ MORE

3. Experts discuss ways to incorporate AI in security

Choi Yoon-ho, a professor at Pusan National University, is giving a presentation at the Workshop on Dependable and Secure Computing (WDSC) 2024 on August 19. Photo by Hongeun Im, The Readable

Security researchers discussed ways to utilize artificial intelligence in enhancing security in a three-day workshop. The Workshop on Dependable and Secure Computing (WDSC) 2024 was organized by the Korean Institute of Information Scientists and Engineers (KIISE), taking place from August 19 to August 21.

According to Choi Yoon-ho, a professor specializing in software and system security at Pusan National University, AI can be leveraged in cybersecurity for Intrusion Detection System (IDS) and malware detection. He explained that the rapid increase in known vulnerabilities has made it nearly impossible for humans to identify all potential threats. Additionally, with security solutions that must operate 24 hours a day, it is impractical for humans to thoroughly examine every detail. AI can assist by handling these tasks, allowing people to focus on more critical responsibilities. READ MORE

4. Kentucky man fakes own death to evade child support payments

Illustration by Areum Hwang, The Readable

A Kentucky man has been sentenced to six years and nine months in prison after faking his own death by hacking a government system to evade child support payments, according to U.S. prosecutors.

Jesse Kipf, a 39-year-old man from Somerset, Kentucky, faked his own death in January 2023 to avoid paying child support. Kipf accomplished this by accessing Hawaii’s death registry system using a stolen username and password belonging to a doctor practicing in another state. He then created a fraudulent death certificate, complete with the doctor’s digital signature, to report his own death. As a result, Kipf was listed as deceased in several government databases.

In addition, Kipf illegally accessed death registry systems in other states, as well as private business and government networks, to steal individuals’ personal information. He then attempted to sell these stolen credentials on the dark web. READ MORE

5. Doxing threats against non-participating doctors continue amid South Korea ongoing doctors’ strike

Illustration by Daeun Lee, The Readable

Amid a nationwide strike by South Korean doctors that has stretched on for more than six months, tensions have escalated as a list of doctors who have returned to work was recently circulated online, sparking concern over doxing and potential threats to those breaking ranks.

Initially uploaded to the file-sharing website Pastebin on August 9, the list reveals personal information of approximately 800 doctors, including their names, the universities they attended, and the hospitals where they currently work.

The individual responsible for the doxing stated in their post, “I would like to inform people of the great doctors who are determined to perform medical treatment in this sick world.” The comment—rife with sarcasm—was clearly targeted against doctors who have chosen not to participate in the strike. READ MORE

6. Digital violence escalates with tech-powered fake pornography

Illustration by Areum Hwang, The Readable

Last May, the Cybercrime Investigation Unit of the Seoul Metropolitan Police Agency announced the arrest of five individuals for illegally creating and distributing doctored pornographic images using photos of female acquaintances. Two of the offenders, both graduates of Seoul National University (SNU), took photos of 61 victims, including SNU alumni, from their personal social media accounts without consent. They manipulated these photos by combining them with explicit content to create over 400 doctored images, distributing them through a private Telegram channel.

As digital technology advances rapidly, the scale of digital sexual crimes is expanding across online platforms. Deepfake sex crimes, where victims are easily targeted through social media or the internet and their images are manipulated into explicit photos or videos, are becoming increasingly serious. The Readable has conducted multiple interviews with law enforcement agencies and civil organizations that are closely monitoring these crimes.

The Women’s Human Rights Institute of Korea (WHRIK), an organization dedicated to preventing violence against women and supporting victims, published the “2023 Digital Sexual Crimes Victimization Report.” According to the report, the number of victims of digital sexual crimes rose from 1,315 in 2018 to 8,983 in 2023, marking an increase of 7,668 over five years. Additionally, the number of victims of illegally manipulated content increased by 359 during the same period. READ MORE

7. Windows 10 support ends next year, but users aren’t ready

Illustration by Areum Hwang, The Readable

In December, Microsoft announced that support for Windows 10 would end on October 14, 2025. However, as of July, Windows 11 has only just surpassed a 30% market share, which has raised concerns within the security industry.

According to StatCounter, Windows 11’s market share reached a peak of 30.83% in July, the highest it has ever been. In comparison, Windows 10 still held a dominant 64.99% during the same period. Windows 10, which was released by Microsoft on July 29, 2015, has remained widely used despite the launch of Windows 11 on October 5, 2021.

With just 14 months remaining until Windows 10 support ends, the fact that its user base significantly exceeds that of Windows 11 presents a major security concern. After the End of Support (EoS) date, any new vulnerabilities discovered in Windows 10 will go unpatched, leaving devices still running the system vulnerable. EoS refers to the point in a software’s lifecycle when it no longer receives updates or security patches. READ MORE

Subscription

Subscribe to our newsletter for the latest insights and trends. Tailor your subscription to fit your interests:

By subscribing, you agree to our Privacy Policy. We respect your privacy and are committed to protecting your personal data. Your email address will only be used to send you the information you have requested, and you can unsubscribe at any time through the link provided in our emails.

  • Dain Oh
    : Author

    Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expe...

    View all posts
Stay Ahead with The Readable's Cybersecurity Insights