"Caught Lying Again"... YES24 Claimed 'No Problems' but Security Holes Everywhere [Concealment 15]

YES24's False Claims Exposed Again
KISA Refutes YES24's Participation in Simulated Training
"No Record of YES24's Involvement"

YES24, whose services have been suspended for four consecutive days due to a ransomware attack, was found to have refused not only a security audit by the Korean Publishers Association (KPA) two years ago, but also a simulated training exercise by the Korea Internet & Security Agency (KISA). Critics argue that the incident was caused by YES24's repeated refusal to undergo inspections and its lax security management.



According to an investigation by Asia Economy on June 12, YES24 explained its refusal to participate in the KPA's security audit and simulated hacking in July 2023 by stating, "We already participated in a KISA-led training and concluded there were no issues, so we did not undergo the KPA's audit." However, KISA refuted this, saying, "A comprehensive investigation of all divisions found no record of YES24 participating in KISA's simulated hacking or training at that time."


Previously, following the hacking incident involving Aladin's e-book service in May 2023, the KPA formed the "Aladin E-book Leak Damage and E-book Security Audit Team," comprised of security firms and experts. The team conducted a security audit, including simulated hacking, on online bookstores except for YES24. A KPA official stated, "YES24 refused the audit, but other online bookstores such as Aladin, Kyobo Bookstore, and Ridibooks all participated."


In addition, in its second statement released the previous day, YES24 announced, "We are making every effort to analyze the cause and restore services in cooperation with KISA." However, KISA stated that this announcement did not reflect the actual situation at the time. Ransomware specialists from KISA visited YES24's headquarters twice, on June 10 and 11, to assess the situation, but YES24 did not cooperate with KISA's technical support. Amid mounting criticism that YES24 had been caught lying, the company requested technical support from KISA at around 11:30 a.m. on June 12.



The cybersecurity industry pointed out that such poor security awareness led to the hacking attack. Lee Hyungtaek, head of the Korea Ransomware Response Center (and CEO of Innotium), who has responded to more than 20,000 ransomware attacks over the past decade, said, "The YES24 hacking incident is a typical ransomware attack," and added, "If YES24 had undergone the KPA's security audit two years ago, it might have avoided the ransomware attack."


An industry insider said, "While it's true that most companies are reluctant to invest in security, companies in the book industry are particularly bad." The insider continued, "Even when we supply security solutions, they constantly ask for price reductions or suggest removing features to cut costs," and added, "With such low security awareness, vulnerability to ransomware infections is inevitable."


Since May 26, Asia Economy has been reporting the "Concealment" series, which investigates companies that fail to report hacking incidents.
Editor's Note: In the real world, when a hostage crisis occurs, someone always reports it. Whether the victim does so directly or someone nearby does it on their behalf, notifying the police quickly is the top priority. However, in the case of cyber hostage situations caused by ransomware, the opposite is true. Even after losing all their money and time to hackers, victimized companies are busy hiding the incident. Lee Hyungtaek, head of the Korea Ransomware Response Center, who has responded to more than 20,000 ransomware attacks over the past decade, said, "Companies that report hacking incidents, like SK Telecom, are extremely rare. Nine out of ten companies that suffer damage never disclose it externally," and added, "It has become a recurring pattern where hackers simply take the money and leave."


© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
