Analysis of 6.16 Million Electronic Intrusion Attempts... 35.9% Decrease
All 18 Large-Scale Ransom DDoS Attacks Successfully Defended
Threat of Variant Attacks Remains "Too Early to Relax" Warning Issued
[Asia Economy Reporter Song Seung-seop] "We plan to launch a DDoS attack (an act that overloads a site or server). If you do not want this, send Bitcoin to this address." In August last year, DDoS attacks aimed at extorting money were carried out against three domestic banks. The financial institutions immediately activated their internal Intrusion Prevention Systems (IPS) and responded according to their manuals. Excessive traffic was rerouted to the 'Cloud Shelter' operated by the Financial Security Institute. Although the attack lasted for 2 to 3 hours, the damage was limited to some systems experiencing brief slowdowns.
Despite the acceleration of digital non-face-to-face finance, electronic intrusion attempts have been found to have decreased. It is analyzed that the digital response capabilities of financial institutions have improved due to the adoption of advanced security technologies, cooperation with related organizations, and increased security awareness among internal staff.
According to the Financial Security Institute on the 17th, the number of electronic intrusion attempts analyzed at the end of last year was 6.16 million, down 3.46 million (35.9%) from 9.62 million a year earlier. Electronic intrusion attempts refer to cyberattacks such as hacking, DDoS, and ransomware, unlike physical attacks. During the same period, the number of responses to electronic intrusion attempts also slightly decreased from 2.74 million to 2.37 million.
Phishing sites that mimic financial institutions' websites to steal personal information were detected 40,000 times. Although phishing sites sharply increased from 18,000 in 2018 to 50,000 within a year, they have since decreased. The number of analyzed malicious codes distributed through links or illegal applications (apps) has also been on a downward trend annually. Last year, there were 31.43 million cases, 10.43 million (24.9%) fewer than the previous year's 41.88 million, and 14.84 million (32.0%) fewer compared to 46.27 million in 2018.
Last year, there were a total of 18 large-scale ransom DDoS attacks targeting financial institutions, all of which were successfully defended. Ransom DDoS is a cyberattack that takes corporate websites hostage and demands money such as Bitcoin by threatening with DDoS attacks.
Enhanced Financial Sector Response Capabilities... But Some Say "Too Early to Relax"
There were 24 cases where intrusion attempts led to incidents such as disruption or paralysis of electronic financial infrastructure, which became subjects of investigation and analysis by the Financial Security Institute. This is a slight increase from 22 cases in 2019 but generally a decrease compared to 32 cases in 2018.
The overall cyberattack response capabilities of the financial sector are evaluated to have improved. Financial institutions are investing their own budgets to introduce various advanced security technologies. Many financial institutions, including KB Kookmin Bank, have eagerly adopted 'FakeFinder' to detect malicious apps. FakeFinder uses artificial intelligence (AI) technology to detect all apps that deviate from the whitelist of legitimate apps. Shinhan Bank and Toss have installed 'AppSuit,' which prevents hackers from tampering with or hacking apps. Hana Bank has applied 'WhiteBox,' which implements encryption through proprietary security codes, making it impossible to steal PIN numbers or QR codes.
The Financial Security Institute has established a shared information system for voice phishing fraud across the entire financial sector and promoted linkage with the abnormal financial transaction information sharing system. It conducted 534 intrusion incident response drills targeting 189 domestic financial institutions and linked emergency response centers with 73 companies.
However, some point out that it is too early to be complacent. Although the number of cases has decreased, targets have become more sophisticated, and there is a possibility of variant attacks by hacker groups. The Financial Security Institute has also analyzed that employee account leaks, attacks on virtual facility network equipment, and software supply chain attacks have become new threats. A Financial Security Institute official warned, "DDoS attacks tend to occur more frequently in odd-numbered years," adding, "The scale is currently increasing."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
