[ED] Defenseless against NK hackers | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

National Assembly should immediately pass cybersecurity bills

North Korean hacking groups were found to have infiltrated the internal networks of South Korea’s defense companies and stolen technical data over the past 18 months, police said on Tuesday. The North’s three major hacking groups – Lazarus, Andariel and Kimsuky – combined forces in all-out attacks against the defense firms.

Police said the three groups mounted offensives against 83 domestic defense companies from late 2022. Ten firms were confirmed to have been hit. However, the police added that they could not confirm the specifics of the technology used or the dates concerning the alleged data thefts. In doing so, North Korea was found to have mobilized various measures, including direct access, the planting of malicious code and the theft of information from server accounts.

What is more worrisome is that the targeted companies were totally unaware of the attacks until police and the National Intelligence Service (NIS) embarked on investigations early this year. It’s truly astounding to witness such glaring loopholes in matters so closely tied to national security.

Anxiety is growing over the possible leak of key national secrets, as most of the hacked parties comprise major enterprises, thus posing a daunting threat to national security. The North’s cybercrime abilities are becoming increasingly sophisticated as time passes, utilizing state-of-the-art artificial intelligence (AI) technology.

North Korea has so far stolen technologies pertinent to drone engines and launchers of submarine-launched ballistic missile (SLBM). Now itis mobilizing its hacking groups in a desperate bid to steal South Korea’s key defense technologies related to missiles and radars. North Korea’s actions are particularly menacing, especially at a time when South Korea is on the brink of emerging as a significant global player in the defense industry. In 2021, the North hacked Korea Aerospace Industries (KAI), which manufactures KF-21 fighter jets. All these cases, and no doubt others, prove the North’s cyberattacks seriously undermine the South’s national security.

According to the NIS, the number of international cyberattacks against South Korean public entities reached 1.62 million a day on average last year, up 36 percent from a year earlier. Of them, attacks from the North accounted for 80 percent.

South Korean weapons have been flourishing in global defense markets. Las December , President Yoon Suk Yeol unveiled an ambitious plan to elevate the nation’s defense industry to the ranks of the world’s top four by 2027. The government is also seeking to pour 400 billion won ($290 million) this year into the development of defense parts and materials.

Unless the nation effectively addresses the cyberattacks from North Korea, the burgeoning defense industry could suffer detrimental consequences. There should be increased efforts to enhance security awareness among defense companies, coupled with bolstered security education at the state level.

Despite the graveness of the situation, however, the Yoon administration has largely failed to take due steps. In contrast, the United States and Japan have been running a security control tower whose mission is to safeguard national security. But the control tower has remained feeble, being divided between the government and civilian sectors, thus failing to effectively cope with cyberattacks.

Three cybersecurity-related bills are awaiting passage at the National Assembly. They are designed to install a pan-government control tower while boosting cooperation between the government and related companies. But the bills have remained unlegislated for more than four years amid partisan bickering. This has been mainly due to opposition from the main opposition Democratic Party of Korea (DPK) wary of the possible repercussions from civic groups citing the possible surveillance of South Korean citizens. This is equivalent to dereliction of duty. The current 21st National Assembly should pass the relevant bills without fail before its term ends.


Click Here For The Original Story From This Source.


National Cyber Security