In the first half of this year, reports of cyber intrusion incidents exceeded 1,000. This represents an increase of about 15% compared to the same period last year. The Ministry of Science and ICT urged that as cyber threats become more intelligent and advanced in the age of artificial intelligence (AI), preparations are necessary.
The Ministry of Science and ICT announced on the 8th, along with the Korea Internet & Security Agency (KISA), the domestic trends of cyber threats for the first half of the year.
The number of reported intrusion incidents during this period was 1,034, rapidly increasing compared to the same period last year (899 incidents). By industry, the information and communication sector had the highest occurrence rate at 390 incidents (32%). The number of occurrences also rose by 29% compared to the same period last year. The manufacturing sector recorded 157 incidents, and the retail sector had 132 incidents.
In the first half of this year, cyber intrusion incidents that significantly impacted citizens' lives, such as 'SK Telecom SIM card hacking' and 'YES24·SGI Seoul Guarantee ransomware infection,' occurred.
Choi Woo-hyuk, the director of the cybersecurity policy division at the Ministry of Science and ICT, said, "The government is actively introducing AI specialized in cybersecurity for the entire cycle of response to intrusion incidents, including detection, response, investigation, and analysis, to cope with increasingly intelligent and advanced cyber threats" and "We will strive to minimize damage to citizens and corporations, such as personal information leaks, through proactive detection and response to intrusion incidents."
The Ministry of Science and ICT is particularly overhauling the national information protection system and introducing AI throughout the entire response to intrusions, following the SK Telecom hacking incident. KISA has posted '8 security guidelines for data backup against ransomware' on its Protect Nation website and has communicated this to corporations to help them prepare.
In the first half of the year, serious monetary damages due to virtual asset hacking cases continued to emerge. In February, approximately $1.5 billion (about 2.75 trillion won) was stolen from Bybit overseas, while a similar incident occurred domestically when Wemade's virtual asset project, WEMIX, suffered a large-scale hacking amounting to about 9 billion won (over 8.65 million).
The Ministry of Science and ICT analyzed, "Recent cyberattacks on virtual asset exchanges are penetrating indirectly into virtual asset exchanges through the security vulnerabilities of third-party partners rather than through direct attacks on virtual assets" and "They show characteristics of supply chain attacks that seize assets, targeting not major companies with strong security, but rather weaker partner companies or associated services." The ministry emphasized that "corporations need to establish a security management system for the entire supply chain, including regular security vulnerability checks and monitoring systems for maintenance linked to virtual asset services and partner companies."
Incidents exploiting credential stuffing are also on the rise. Hackers are trading stolen account information obtained through various means, including hacking, on the dark web. Credential stuffing refers to the method of entering leaked account information on other websites to steal logins and personal information.
The Ministry of Science and ICT advised that "to respond to credential stuffing attacks, corporations should implement a 'multi-factor authentication system'" and "there is a need to use different passwords for each site."