Most of the cyber-attacks that took place during the first half of this year were carried out to extort or obtain cryptocurrencies. The primary target of these attacks was websites, followed by weaknesses in e-mail and in WebLogic.
SK infosec’s EQST Group presented its analysis of various cyber-attacks that occurred in South Korea during the first half at its periodic media day. “There is an increasing tendency where cyber-attacks such as GandCrab ransomware and attacks on cryptocurrency exchanges tend to target monetary gains,” said Director Lee Jae-woo of EQST Group. “After the summit between South Korea and North Korea that took place on the 27th of April, cyber-attacks that are assumed to be from North Korea have continued to take place with a tendency of collecting information.”
Although there were no major attempts from hackers during the first half of 2018, there were many attacks, such as the attacks on the Pyeongchang Winter Olympics, GandCrab ransomware, and the attacks on the cryptocurrency exchanges Coinrail and Bithumb.
SK infosec’s analysis of attempted cyber-attacks on its customers found 1.57 million cases during the first half of 2018, about 25% fewer than last year. China accounted for the most attacks with 350,000 cases, followed by South Korea and the U.S. with 260,000 cases. South Korea ranks second because it was used as a ‘layover for cyber-attacks.’

<Director Lee Jae-woo of EQST Group.>

Of the 11 attempts that actually led to security incidents, 6 were ransomware (Magniber, Hermes, GandCrab, Cryptowall) and 4 were malware aimed at mining cryptocurrencies. The ultimate goal in all 11 cases was to obtain cryptocurrencies. The top cause of cyber-attacks during the first half was the spread of web malware (31%), followed by entry through e-mail (25%) and WebLogic vulnerabilities (19%).
“It was concluded that most of the malware that had occurred in South Korea during the first half was ransomware,” said Director Lee. “80% of them targeted mining of cryptocurrencies and acquisition of cryptocurrencies.”
There were also many attacks that targeted vulnerabilities in Apache Struts. Of the 7,000 vulnerabilities that were found, 43% were in open source software. The importance of open source security is being raised because there were many ‘Remote Code Execution’ vulnerabilities.
“Although e-commerce and secondary financial industries are using open source as they introduce Big Data to their businesses, they are not applying security patches on time,” said Director Lee. “It is difficult for them to supplement their open source in the future if they do not apply security patches from the start of using open source.”
Staff Reporter Jung, Youngil | jung01@etnews.com