Next year, cyber attacks using generative artificial intelligence (AI) are expected to increase, and state-sponsored hacker groups may carry out cyber terrorism targeting the general election and the U.S. presidential election.
The Ministry of Science and ICT and the Korea Internet & Security Agency (KISA), together with the 'Cyber Threat Intelligence Network' involving AhnLab, Ginnoans, Microsoft, and Mandiant, announced the analysis of 2023 cyber security threats and the outlook for 2024 cyber security threats on the 17th.
The Ministry of Science and ICT predicted that next year, covert software supply chain attacks that go unnoticed will continue, cyber crimes exploiting generative AI will increase, and threats to operational technology (OT), industrial control systems (ICS), and the Internet of Things (IoT) will rise.
With political events such as the general election in April and the U.S. presidential election in November scheduled for next year, the possibility of cyber threats from forces aiming to cause social chaos has also increased. In particular, it pointed out that state-sponsored hacker groups and 'HackerBeast,' who act based on their beliefs, may attempt cyber terrorism that causes confusion and disruption across society, along with activities to leak information of opposing forces.
Meanwhile, major cyber security threats this year included vulnerabilities in security programs, expanded supply chain attacks targeting software developers, messenger impersonation attacks targeting personal information and their re-spread, ransomware attacks, and financial extortion using the threat of disclosing industrial secrets.
In March, hacking attacks exploiting vulnerabilities in security authentication programs, presumed to be carried out by the North Korea-linked hacker group 'Lazarus,' were confirmed, and supply chain attacks distributing packages with hidden malware in open source communities also continued to occur.
Phishing sites detected and blocked on portals and messengers totaled 7,534 cases, about 1.8 times more than the previous year (4,206 cases), and smishing messages impersonating parcel delivery, traffic fines, and acquaintances' obituaries were blocked about 370,000 times.
The success rate of 'credential stuffing' attacks, which randomly input user account information collected from other sites to attempt logins, was recorded at 0.3%, and recently, 780,000 personal information records were leaked from Interpark and 230,000 from the Korea Employment Information Service (Worknet).
This year, ransomware attacks mainly targeted small and medium-sized enterprises (78.1%) and manufacturing (36.7%), evolving into a multi-extortion method that encrypts data on both operational and backup servers and then demands money.
However, according to the Korea Internet & Security Agency's incident report standards, the number of ransomware attacks reported until November this year was 237 cases, a 27.1% decrease compared to last year (325 cases).
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
![User Who Sold Erroneously Deposited Bitcoins to Repay Debt and Fund Entertainment... What Did the Supreme Court Decide in 2021? [Legal Issue Check]](https://cwcontent.asiae.co.kr/asiaresize/183/2026020910431234020_1770601391.png)
