The Importance of Security Culture: When Telecom Giants Resort to Malware

Evangelists-Javvad Malik

I recently read a story about a South Korean telecom company that pushed out malware to over 600,000 of its customers who were using torrents to share files, in a bid to limit their file-sharing capabilities.

Users reported that their files went missing, random folders appeared, and in some cases, their PCs were disabled.

Honestly speaking, when I first read the story, I chuckled a bit and referred to it as "next-gen, host-based throttling", which had all the benefits of killing the service that was putting a load on the network while maintaining all other services.

However, upon digging a bit deeper into the story, it appears that KT, the South Korean telco, didn't just randomly push a small bit of code down to their users. An investigation has reported an entire team at KT dedicated to detecting and interfering with file transfers, with some workers assigned to malware development, others to distribution and operation, and wiretapping.

A setup like this goes way beyond mere throttling of a service; it's one step away from a full-blown criminal enterprise. The key here is installing any kind of software on a user's machine without their knowledge or consent.

More importantly, a setup like this isn't something that happens in isolation. This isn't a case of a couple of rogue insiders; it's a concerted effort by the organisation, with executives either being active participants or willingly turning a blind eye to the activities.

This showcases a poor security culture across an organisation, where the development and distribution of malware is considered an acceptable way to manage bandwidth challenges. While the intent may have been good, the execution of the idea was terrible and opened the organisation up to legal challenges.

That's why fostering a strong security culture isn't something that happens overnight, and neither does it happen in isolation. It is a conscious and sustained effort. As John Childress says in his book Culture Rules - "you get the culture you ignore."

Imagine seeing an athlete: lean, strong, full of energy, and with endless stamina. You wouldn't assume that becoming an athlete was an accidental thing that just happened. You'd know that it took dedication, discipline, and many, many hours of repetition to get where they are.

The same applies to culture. Unless you work on it, your organisation will end up unfit and spreading malware like it's business as usual.
