Overseas Malware and Phishing Attempts... Government Emergency Response
6 out of 10 Affected Companies Recover... Monitoring Ongoing
On the afternoon of the 19th, when the ticketing and reservation systems of some airlines were paralyzed, employees were busy manually issuing tickets at the Jeju Air ticketing counter on the departure floor of Jeju International Airport. [Photo by Yonhap News]
The government has entered emergency response mode as cyberattack attempts exploiting the global IT outage that occurred on the 19th have been detected overseas. Additionally, it has been confirmed that 6 out of 10 domestic companies affected by this incident, including airlines and game companies, have completed recovery.
According to the Ministry of Science and ICT and the Korea Internet & Security Agency (KISA) on the 22nd, cyberattack attempts exploiting the IT outage caused by Microsoft (MS) have been occurring overseas, requiring caution from domestic company security personnel. This incident occurred due to a conflict between a software update distributed by the cybersecurity company CrowdStrike, which uses MS's cloud service 'Azure,' and the MS Windows operating system. Taking advantage of this situation, overseas cyberattacks have been discovered that distribute malware under the pretense of fixing technical issues or induce personal information input through fake phishing emails.
KISA urged, "Please refer only to the official emergency recovery measures provided on the official CrowdStrike website or the Safe Korea site." As of the morning of the same day, KISA stated that no reports of malware or suspected phishing cases related to this issue have been received domestically.
July is designated by the government as 'Information Security Month' to raise cybersecurity awareness, but coincidentally, a global IT outage has triggered emergency alerts for security. The Ministry of Science and ICT announced that the number of reported cyber intrusion incidents last year was 1,277, a 12% increase compared to the previous year. The industry with the most intrusion incidents last year was the information and communications sector (442 cases), and the sector with the largest increase in damage was wholesale and retail (184 cases), up 18% from the previous year.
The Ministry of Science and ICT identified a total of 10 domestic companies affected by this incident, of which 6 have completed recovery. The remaining 4 are undergoing recovery, and in cooperation with Microsoft Korea, they are verifying whether there are additional affected companies. A ministry official stated, "Inconveniences in public services or business-to-consumer (B2C) services have all been resolved," but added, "It is difficult for companies to monitor the PC recovery status of all employees individually." The three mobile carriers with mandatory reporting obligations during disaster outages, as well as major telecommunications operators including Naver and Kakao, reported no damage from this incident.
According to the Ministry of Land, Infrastructure and Transport and the aviation industry, the ticketing and reservation systems and online websites of Jeju Air, Eastar Jet, and Air Premia, which experienced errors starting around 3:30 PM on the 19th, were restored by approximately 3:30 AM on the 20th.
The flights of these three LCCs were delayed a total of 92 times: 31 flights at Incheon International Airport and 61 flights at other domestic airports such as Gimpo and Jeju. There were no cancellations. By airline, delays occurred for 61 flights of Jeju Air, 30 flights of Eastar Jet, and 1 flight of Air Premia. Other domestic airlines and domestic airports, including Incheon Airport, operate their own clouds, so there was no disruption in flight operations.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
