[New Wave] The Threat of the 'Digital Pandemic,' Let's Prepare with a Direct Approach

The New Year is a busy time as various organizations and companies establish new business plans and policies. In terms of security strategies, institutions and companies are expected to show more interest than ever before this year, with related investments also increasing. In particular, the recent ‘log4j’ incident that shook both domestic and international communities at the end of last year served as a wake-up call not only for security personnel but also for software developers and corporate stakeholders, reminding them of the importance of security awareness.

Log4j, a Java-based open-source library from the Apache Software Foundation, is widely used by many companies when developing internet services. Therefore, the remote code execution (RCE) vulnerability discovered in this library inevitably has a significant global impact.

Looking back on the past year, which was marked by numerous major security incidents, and preparing for a safer new year, the core research team at RaonWhiteHat, to which the author belongs, analyzed and published the major cybersecurity threat trends for this year. While the aftermath of the COVID-19 pandemic, which has lasted over two years due to the spread of variant viruses, is expected to continue, this year there is concern over a ‘digital pandemic’ characterized by a sharp increase in cybersecurity threats targeting new technologies and services such as blockchain, metaverse, and MyData.

Specifically, regarding security threats to watch this year, attacks targeting vulnerabilities in additional functions within blockchain services are expected to increase across industries including finance, healthcare, and distribution. Services based on blockchain technology have high security in themselves, but various additional functions provided by service providers to differentiate themselves from competitors often lack sufficient verification processes for user information input during development, making them prime targets for attackers.

Illegal activities in the globally spotlighted metaverse environment also require caution. As economic activities of companies and individuals increase within the metaverse, security measures such as user authentication, network security, and data encryption appear necessary. With the full-scale launch of MyData services this month, sophisticated cyberattacks targeting the IT infrastructure of MyData service providers, where sensitive personal financial information is concentrated and integrated, are also expected to rise.

As ‘hybrid work,’ combining on-site and remote work, becomes widespread due to COVID-19, the risk of leakage of important corporate data is also expected to increase. In particular, hacking attacks that steal critical corporate information by exploiting various vulnerabilities in collaboration tools and VPNs used for remote work must be guarded against. Additionally, cyberattacks exploiting configuration errors by cloud users and operators, as well as corporate ransomware abusing vulnerabilities in software supply chains and mail exchange servers, are expected to become more rampant.

The vulnerability discovered last year in the log4j library remains unresolved, and new forms of diverse cyberattacks continue to threaten us. Learning from the log4j incident and similar security accidents, not only security personnel but also software developers and users must adhere to basic security rules and proactively inspect security vulnerabilities to establish more thorough security measures in daily life. To prepare for ever-evolving security threats and protect ourselves from the digital pandemic, we must confront these challenges with a fundamental and straightforward security approach.

Choi Jeong-su, Head of Core Research Team, RaonWhiteHat

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.