By Dain Oh, The Readable
Jul. 28, 2023 10:05PM GMT+9
“Weekend Briefing” is a weekly newsletter that is sent to The Readable’s subscribers every Friday. Journalists for The Readable select important news stories from the previous week. Topics encompass privacy, cybercrime, and policy development in cybersecurity. There are no costs involved with a subscription, and some content, such as industrial reports, is only available to those who subscribe to our newsletters.
Hello! This is Dain Oh in South Korea. As for this week’s briefing, I have selected six stories. You can also find information on two upcoming conferences at the bottom of this newsletter. Have a great weekend!
1. South Korea, US to share cyber threat information in real time
A member of the National Assembly recently requested that the Korea Internet & Security Agency (KISA) report on follow-up actions after the presidential summit between the United States and the Republic of Korea, which took place in Washington D.C. last April. The most notable outcome of this summit was the Strategic Cybersecurity Cooperation Framework that expanded the bilateral defense alliance to cyberspace.
According to a document provided by lawmaker Park Jeong-ha’s office to The Readable, the agency has discussed a few cooperative agendas with the U.S. Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency (CISA) particularly to facilitate cyber threat information sharing. As a result of the discussion, KISA and CISA, by the end of this year, are expected to build a system that will enable both agencies to share information in real time while introducing a new function that converts the formats used by each nation when sharing cyber threat information. If it is completed, it will shine a light on some of the darkest blind spots that have been crowded by bad actors by accelerating cybercrime investigation by law enforcement.
2. OpenAI faces fine for failing to report data breach within 24 hours
ChatGPT maker OpenAI is facing a financial penalty for failing to report a data leakage of South Korean users to the country’s privacy regulator in 24 hours. In a press release on Thursday, the Personal Information Protection Commission (PIPC) stated that they held the 13th plenary meeting on July 26 and decided to impose a fine of 3.6 million won (almost $2,900) on OpenAI for not notifying them about the data breach that happened last March.
According to OpenAI, 1.2% of ChatGPT Plus users’ details were exposed to other active members for nine hours on March 20. The leaked information included users’ names, email addresses, payment addresses, the last four digits of credit card numbers, and credit card expiration dates. ChatGPT Plus is a subscription service that was released by the company in February of this year. Around 80,000 South Koreans used OpenAI’s paid service last April. READ MORE
3. Opinion: OT security landscape in 2023
A growing number of business and industry leaders are concerned about the onslaught of cyberattacks targeting the operational technology (OT) they rely on for critical operations. According to a 2023 Blackberry research report  involving 1,500 manufacturing IT decision-makers worldwide, 40% said they are most concerned that hackers can execute attacks via connected devices, including IoT. Also, 29% expressed concerns over malicious insiders gaining access to sensitive data, while 23% fear ransomware attacks constantly threatening crucial OT. In addition, a 2023 report  on OT cybersecurity found that three-quarters of OT organizations suffered an intrusion in 2022, with malware (56%) and phishing (49%) attacks leading the pack. READ MORE
4. South Korea arrests 25 individuals for phone number spoofing
South Korean law enforcement said on Tuesday that they arrested 25 individuals for their involvement in a phone scam where they allegedly took part in spoofing phone numbers. In a press release, South Korea’s phone scam joint investigation team stated that the suspects, including five Taiwanese and one Chinese, were charged with manipulating phone calls. The criminals assisted a Chinese phone scamming group by converting the first three-digit number called through voice over internet protocol to an ordinary cell phone number. The voice over internet protocol uses an internet connection instead of regular phone lines to make calls. READ MORE
5. [Perspective] Presenting a different future for phone scam victims
In 2011, I came across a vendor on an online second-hand store who was selling a music player that I had been craving for years, the iPod Touch. The price was 100,000 won (almost $80), less than one third of the cost of the original product. The deal was too good to be true for someone who had just become a university student. Clouded by adrenaline, I did not hesitate for a second and pressed the “send” button on my mobile banking account. READ MORE
6. [ChatGPT Assisted] Mandiant: Chinese cyber espionage actors evolve tactics to avoid detection
The latest report by Mandiant discusses how Chinese cyber espionage actors have evolved their tactics to avoid detection and complicate attribution. They have been increasingly exploiting zero-days in security, networking, and virtualization software to gain initial access to victim networks without human interaction, reducing the chances of detection. Moreover, Chinese threat groups are using botnets and custom malware to relay and disguise attacker traffic both externally and internally within compromised networks, further enhancing their stealth capabilities. READ MORE
1. W.Media: Korea Cloud & Datacenter Convention 2023 (31 August, South Korea)
The Readable is a strategic partner with W.Media regarding this event. As part of the partnership, The Readable provides its readers with complimentary tickets. Send us an email to receive promotional codes: email@example.com
2. (ISC)2: Secure Asia Pacific (6-7 December, Singapore)
The cover image of this article was designed by Sangseon Kim.
Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expertise in leading media outlets to success. Prior to establishing The Readable, Dain was a journalist for The Electronic Times, a prestigious IT newspaper in Korea. During her tenure, she extensively covered the cybersecurity industry, delivering groundbreaking reports. Her work included exclusive stories, such as the revelation of incident response information sharing by the National Intelligence Service. These accomplishments led to her receiving the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology, a well-deserved accolade bestowed upon her through a unanimous decision. Dain has been invited to speak at several global conferences, including the APEC Women in STEM Principles and Actions, which was funded by the U.S. State Department. Additionally, she is an active member of the Asian American Journalists Association, further exhibiting her commitment to journalism.