KB Kookmin Bank Plans to Establish Hidden Channel Monitoring
Continuous Checks for Information Leaks on Deep Web and Dark Web
Toss and Woori Bank Identify Vulnerabilities Through Penetration Testing
[Asia Economy Reporter Song Seung-seop] Major banks are making all-out efforts to strengthen their security capabilities. As cyberattack techniques become more sophisticated and their frequency increases, even a single incident can cause uncontrollable damage.
According to the financial sector on the 2nd, KB Kookmin Bank announced a request for proposals for the ‘Hidden Channel Monitoring System Establishment’ at the end of last month. According to the project plan, KB Kookmin Bank will monitor whether its critical information has been leaked on the deep web or dark web. It also plans to establish a system to continuously collect and utilize information that poses threats to the financial sector, such as major hacking groups.
The deep web refers to websites that are not indexed by search engines. Among these, the dark web consists of websites with encrypted networks accessible only through special routes. Because it is difficult to identify visitors or servers on the dark web, it is also called the ‘deep sea’ of the internet. Due to the strong guarantee of anonymity, drugs, firearms, and illegally stolen corporate and personal financial information are often traded there.
Related damages have also occurred domestically. In 2020, a ransomware group stole 2 million pieces of personal information from a domestic company and then disclosed 700,000 credit card details on the dark web. This year, a hacker leaked 8GB of personal data on the dark web, claiming to sell information on 32.4 million people. For financial companies, if a hacking incident occurs, they have to endure monetary extortion threats, and it is difficult to respond because verifying the authenticity of the information is impossible.
Attempts to identify vulnerabilities in advance are also continuing, centered on financial companies. Woori Bank held a ‘Penetration Testing Competition’ linked with the Security Agency last month and discovered vulnerabilities in Woori Bank’s internet banking and the WooriWON Banking application over five days. The competition was conducted by simulating hacking from an attacker’s perspective to identify weak points. Toss also held a ‘Bug Bounty’ program in September for its major financial affiliates such as Toss Bank, Toss Securities, and Toss Payments, offering a reward of 30 million KRW.
Defense measures against cyberattacks are also becoming more advanced. Shinhan Bank established a system at the end of last year to effectively respond to financial incidents such as hacking locally. A system has been set up to continuously monitor and analyze cyberattacks such as hacking and ransomware at local subsidiaries and overseas branches. The domestic threat response process has also been unified into a global standard model.
However, there are still criticisms that efforts in the financial sector are insufficient. The proportion of IT personnel in major commercial banks remains low. According to data on the ‘Status of IT Personnel in Major Domestic Financial Sectors’ submitted by the Financial Supervisory Service to the office of National Assembly member Kang Min-guk of the People Power Party, KB Kookmin, Shinhan, Woori, and Hana Banks have 4,493 IT personnel, which is about 8.2% of the total 54,863 employees. Representative Kang stated, “Since the overall IT personnel in the financial sector is only about 10%, there are concerns about whether they can effectively respond to new security risks.”
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
![15-Year Veteran Field Mechanic Becomes AI Talent... Korean Air's Experiment [AI Era, Jobs Are Changing]](https://cwcontent.asiae.co.kr/asiaresize/319/2025121111232252273_1765419802.jpg)
