Evaluating Security Practices in Response to Colonial

            Pipeline And South Korean KAERI Attacks

            Zero Trust and Enforcing the Principle of Least Privilege Have Become Crucially Important.

            By Garret Grajek, CEO, YouAttest



            In recent news, we have seen several high-profile attacks on major institutions in the United States and
            abroad. In early May of this year, the Colonial Pipeline in the United States was attacked and late last
            month it was reported that a North Korean hacking group, Kimsuky, breached the network of the Korea
            Atomic Energy Research Institute (KAERI) on May 14th. KAERI was established in 1959 to achieve self-
            reliance in nuclear core technologies and has since achieved that goal, making it a prime target for an
            energy-starved  North  Korea.  In  the  wake  of  these  attacks,  we  must  reflect  on  the  strengths  and
            vulnerabilities of our cybersecurity mitigation attempts and look to bolster those efforts.


            In the case of the South Korean attack, if the North Korean espionage group successfully exfiltrated
            information, it is believed this could be the largest security breach in South Korea since the attack on the
            defense ministry in 2016. The group could have gained access to information that would benefit the
            nuclear programs in North Korea, as KAERI has information on small modular reactors and other power








            Cyber Defense eMagazine – August 2021 Edition                                                                                                                                                                                               37
            Copyright © 2021, Cyber Defense Magazine.  All rights reserved worldwide.