[New Wave] Cyberwarfare Without Safe Zones: How Should We Prepare?

As the war between Russia and Ukraine continues for over a month, it is showing the characteristics of a so-called “hybrid war,” where physical clashes and cyber conflicts are intertwined. Before the full-scale invasion of Ukraine, Russia attempted to paralyze the national computer network by carrying out DDoS attacks. Recently, numerous malicious codes aimed at destroying the computer networks of key Ukrainian government agencies have been discovered, and attacks to steal critical data using these codes continue.

This cyber war is not limited to the conflict between Russia and Ukraine; hackers of various nationalities are joining cyber attacks in support of their respective countries, rapidly increasing the scale of the conflict.

The international hacker group “Anonymous” declared cyber war against the Russian government, targeting Russian government agencies and state-owned enterprises, reportedly causing outages on many major websites. A well-known open-source package developer also inserted malicious code into open-source software as a protest against Russia’s invasion of Ukraine. This attack causes the deletion of files and system destruction if the program using the package is run in Russia.

In this globally expanding cyber war, South Korea is by no means a safe zone. Due to participation in sanctions against Russia, the likelihood of retaliatory attacks from hacker groups related to Russia is increasing. Additionally, hacker groups aiming for financial gain, regardless of political motives, are also increasing their attacks amid global chaos.

Recently, several major domestic conglomerates suffered damage such as the leakage of some corporate information due to attacks by the newly formed hacker group “Lapsus,” raising awareness of the importance of cybersecurity once again. On the 21st, the National Intelligence Service and the Ministry of Science and ICT raised the cyber crisis alert levels for the public and private sectors to “caution,” recommending that domestic institutions and companies strengthen their cybersecurity defenses.

Compared to large corporations or public institutions, small and medium-sized enterprises (SMEs) have relatively limited resources to invest in cybersecurity. SMEs can prepare for cyber threats by checking various security vulnerability information disclosed domestically and internationally, as well as security software patch information distributed by manufacturers in real time through the recently launched “Cybersecurity Vulnerability Information Portal” by the Ministry of Science and ICT and the Korea Internet & Security Agency.

Equally important as preparing for cyber attacks is the ability to respond when a breach occurs. The Korea Internet & Security Agency recently published the “Private Sector Incident Response Guide,” which contains detailed instructions on incident handling and reporting methods. Not only security personnel of companies but also individual users need to familiarize themselves with these incident response procedures in advance.

It should be kept in mind that cyber attacks, which are spreading comprehensively today, can occur anytime and anywhere for various purposes. Continuous efforts are required at the individual, corporate, institutional, and national levels to thoroughly prepare and improve response capabilities.

Choi Jeong-su, Head of Core Research Team, Raon White Hat

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.