S. Korean KT hack highlights cybercriminals' growing sophistication

Hackers evaded discovery for five months after breaking into the computer systems of a major South Korean phone company, a sign that cybercriminals' evasive techniques are growing more sophisticated, security experts say.

South Korean police on Sunday reported the arrest of two people suspected of hacking into the network of KT Corp., the country's second-largest wireless operator. Seven others who allegedly bought stolen KT data were also charged, the Yonhap News Agency reported.

Hackers apparently broke into KT's computer systems in February and siphoned off the personal data of 8.7 million customers before the company reported the breach to police on July 13. Investigators have accused the suspects of earning at least $880,000 from selling the stolen data to telemarketing operators. Such information is used to try to convince people to switch phone providers as their contracts near expiration.

"Information is highly valuable, and these adversaries are mining for all they can get," James Walter, security researcher for Intel-owned McAfee, said in an email Monday about data-stealing hackers.


The sophisticated hacking program used to penetrate KT's defenses took nearly seven months to develop, investigators told Yonhap. Such advanced tools are no longer unusual among hackers, who are becoming much better at hiding malware once it's installed in a system.

In its 2012 data breach report, Verizon Communications found that 85% of companies took weeks or more to discover their networks had been hacked, up 6% from last year. "This lack of awareness is not uncommon, and [it] would not surprise me to learn it was a factor in the KT breach," Scott Crawford, managing research director for Enterprise Management Associates, said in an interview via email.

Companies are becoming more aware of the possibility that malware may lie undetected in their networks. As a result, more than a third of enterprises surveyed by EMA planned to expand their use of malware-detection technology that gathers and analyzes log data taken from network hardware and software. More than 40% of the companies without such technology expect to deploy it in the next three years.

"The technologies and disciplines of data management and analytics have become one of the most significant trends in IT in the last few years," Crawford said.

KT is Korea's largest fixed-line telephone company. Its 17 million wireless customers represent almost half the mobile phone users in the country, according to Yonhap.

KT is not the only large Korean company to suffer a major attack. A year ago, hackers broke into web portal Nate.com, owned by SK Communications, and stole the personal data of more than 35 million users. In November, online gaming company Nexon Korea had the personal data of 13.2 million subscribers stolen by hackers.

Stories by Antone Gonsalves
