Recent developments in AI, IoT, and cloud computing have changed our daily lives, but domestic and international companies and organizations are becoming increasingly anxious about being exposed to cyberattacks that occur continuously. As cyberattacks that threaten supply chain security are becoming more diverse behind the innovation brought about by digital transformation, the telecommunications sector, which has a large social impact, is also required to prepare for them.

On January 29, LG U+ experienced a DDoS attack on its internal server, which caused wired internet and Wi-Fi connections to be cut off. LG U+ secured a bypass route and immediately restored the server, but it was revealed that damages such as online business interruptions continued. LG U+ stated that the incident was not related to Xiaoqiying.

Prior to this, on January 10, an external attack occurred at LG U+, resulting in the leak of personal information of approximately 180,000 customers. LG U+ said it would prepare a quick response, but on February 4, following the January 29th attack, another DDoS attack was launched against LG U+'s information and communications network.

In relation to these cases, the Ministry of Science and ICT recently announced that the main cybersecurity threat is the increase in attacks by international hacking organizations targeting countries and industries.

The evolution of malicious programs, such as fraud and hacking that exploit social issues, including Internet communication network intrusions, has increased. In addition, there have been increasing cases of targeting vulnerabilities in corporate SW supply chains through open source sharing sites and infecting complex supply chain systems with malicious codes.

For example, the Chinese hacking group Xiaoqiying recently launched a cyber attack on 12 domestic organizations using a zero-day attack technique. In addition, Microsoft's Azure cloud service experienced a failure in January, causing an error that lasted for about 7 hours, which also deepened concerns about cloud security.

■ Ministry of Science and ICT and LGU+ actively respond to security incidents The Ministry of Science and ICT operated a 'Special Investigation Inspection Team' on February 6 regarding the LG U+ DDoS incident and inspected problems with LG U+'s information protection prevention and response system. The special investigation team recently conducted a comprehensive cause analysis of the breach, identified the problems, and presented measures and improvement plans based on the results.

LG U+ has started to support customers who suffered damage from the internet communication failure that occurred in January by providing free SIM card replacement and U+ spam call notification app service support. This support is provided not only to corporate customers such as small business owners but also to individual customers.

On the 16th, LG Uplus also announced a 'cyber security innovation plan' that strengthens cyber attack response and personal information protection measures, as well as basic security and quality. LG Uplus CEO Hwang Hyun-sik apologized for the Internet service errors caused by DDoS attacks, and promised improvement measures such as ▲ expanding information security organizations, personnel, and investment ▲ conducting vulnerability checks and simulations with external security experts ▲ training cyber security experts, etc.

LG Uplus will increase its information security investment by three times from the previous amount to KRW 100 billion and improve its security level based on the ‘zero trust architecture.’ ‘Zero trust’ is a double verification method that identifies threats without granting authority to all objects within the network until an explicit need is confirmed.

■ Strengthening public-private cybersecurity competitiveness is essential

The domestic security market size in 2022 is expected to be KRW 6.7195 trillion, up 9% from 2021. It is expected to grow by 4.8% and 3.8% in 2023 and 2024, respectively.

In particular, with the recent development of AI technologies such as ChatGPT, security has become even more important. It is urgent to prepare preemptive countermeasures against cybersecurity threats such as attacks using AI technology and mass production of malware. It is necessary to establish early response measures to prevent the spread of damage, such as an advanced backup system, against various possible security threats.

The Ministry of Science and ICT held a meeting with public and private sector experts and information security experts on the 28th to discuss security management measures that are becoming increasingly important. At the event, the status of technology development and improvement of cyber security control to protect our country's scientific and technological research results from cyber attacks were reviewed.

Both the government and the private sector emphasized the importance of securing future competitiveness in cybersecurity by establishing preemptive countermeasures based on scientific and technological innovation. There was a consensus that it is important to introduce innovative technologies, such as applying AI-based detection systems to cybersecurity control, to counter increasingly intelligent cyberattacks.
The three mobile carriers have stepped up their cybersecurity competitiveness and are strengthening their supply chain security.

On the 20th, SKT launched the 'Quantum Crypto Chip', which provides integrated quantum random number generation and encrypted communication functions. It was introduced at MWC23 held in Barcelona, Spain.

This chip, which combines a quantum random number generator (QRNG) chip and a semiconductor for cryptographic communication functions, is an ultra-light, low-power chip that provides strong security functions to various IoT-based products and devices. SKT announced that it has applied quantum-based encryption key generation technology and physical anti-cloning technology.

SKT said, “Quantum cryptography chips provide strong security features while also increasing economic efficiency,” and added, “It is expected to be actively applied to various products in the defense and public markets.”

Last August, KT launched 'KT SafeNet' to provide a secure Internet service that allows small and medium-sized businesses to block malicious sites without expensive equipment or separate operating personnel.

According to the Korea Internet & Security Agency, small and medium-sized enterprises accounted for 90% of the companies that suffered hacking damage from 2019 to mid-2021.

Through 'KT SafeNet', users can block hacking sites registered in KT's DB. Users can receive security guides and receive reports on the security status of their workplace. KT said, “KT SafeNet can help small businesses solve their burden in terms of cost and manpower at 4,400 won per month.”

LG Uplus announced that it would demonstrate its security capabilities by installing quantum-resistant cryptography (PQC) transmission equipment in the research power communications network of the Korea Electric Power Research Institute (KEPRI) in November last year.

The 'power communication network' is a private communication network operated by Korea Electric Power Corporation, and is a highly reliable network that safely transmits nationwide power grid data in real time.

LG Uplus will build quantum-resistant encryption transmission equipment and demonstrate encryption technology at the KEPCO Gochang Power Test Center for power communications research and demonstration networks, with the know-how it has accumulated from three years of government-led quantum cryptography infrastructure construction and operation projects.

The two companies said, “We hope to demonstrate quantum-resistant cryptography technology in power infrastructure that requires high security and establish a security system that can preemptively respond to cyberattack threats in the coming era of quantum computing.”