The financial authorities have been unable to identify the cause of the large-scale ransomware attack targeting SGI Seoul Guarantee for two months. The Financial Security Institute (FSI), which is conducting an investigation together with the authorities, noted that the sophistication of hacking techniques has made it difficult to pinpoint the exact methods of attack and infiltration routes, and that it may not be easy to achieve concrete identification in the future.
Experts point out that if the cause of this incident is not clearly identified, it may also be difficult to establish security strategies within the financial sector.
According to the financial industry on the 1st, the FSS is investigating the cause related to the system paralysis incident at SGI Seoul Guarantee that occurred on July 14. An FSS official said, "It will not be easy to clarify the cause specifically, but we plan to prepare security measures based on the issues identified so far."
The Financial Security Institute (FSI), which is currently investigating the security incident with the FSS, anticipates that identifying the specific causes will still be difficult. This is because hackers have recently acquired precise attack technologies using artificial intelligence (AI), reducing the chances of leaving behind traces that could serve as leads in the past. The FSI stated, "If we cannot clearly identify the organization behind the hacking, it may also become challenging to establish an overall security strategy."
Given that cyber attacks targeting financial companies continue, experts advise that identifying the cause and preparing countermeasures are urgent. On the 18th of last month, data was leaked due to a hacking attack on 'Welix F&I Lending,' a subsidiary of Welcome Financial. The FSS on the 21st of last month shared cases of system failures and security breaches among 458 financial companies and urged measures to prevent recurrence.
Professor Yeom Heung-yeol of Soonchunhyang University's Department of Information Protection said, "Recently, even a larger corporation like SK Telecom identified the cause of their security incident two months after becoming aware of it," and emphasized, "If the identification of the cause is delayed, similar methods of attack may occur again, making prompt countermeasures necessary."
Professor Lee Seong-yeop of Korea University's Graduate School of Technology Management stated, "If the cause is not identified in a timely manner, the same attack may occur again," adding, "It is necessary for the authorities to quickly clarify the causes of cyber attacks and to proactively demand that financial companies restructure their security systems."
Previously, due to the system failure at SGI Seoul Guarantee in July, some subscribers were unable to execute jeonse loans, resulting in delays in moving in. SGI Seoul Guarantee completed the recovery of its core computer systems four days after the incident and resumed major services such as jeonse guarantee insurance. However, it is reported that the internal business support system used by employees is still undergoing recovery work.
☞ Ransomware
Ransomware is a portmanteau of ransom and software, which refers to a malicious program that locks systems or encrypts data so that it cannot be used, and then demands money in return for the release of the data.