'Hacking' has become an unwelcome guest that has been troubling the nation lately. From major telcos like SKT, KT, and LG Uplus to the recent breach at domestic security firm SK Shieldus—which saw data leaked from 120 private companies and numerous public institutions—the landscape is concerning. Given that gaming companies handle a treasure trove of sensitive personal data and payment details, it is high time they took their cybersecurity seriously.

To that end, the Korea Association of Game Industry teamed up with the Korea Information Security Industry Association on the 27th to co-host a 'Cyber Security Technology Seminar'. Neowiz CISO Kim Young-tae took the stage to walk us through their response to an incident believed to have targeted major gaming firms. The breach occurred on May 17th of last year, and Neowiz detected it and reported it to the Korea Internet & Security Agency on May 21st. While the detection was a bit delayed, there was no user data loss, save for one employee's PC account and password credentials.

CISO Kim revealed that this was a 'Supply Chain Attack'. It is a method where attackers exploit vulnerabilities in a company's partners or software supply process to infiltrate. In Neowiz’s case, the trouble started with an external security solution.

CISO Kim elaborated, "When we checked the list of predefined IPs—IP addresses designated for specific system uses—we found they belonged to gaming companies all over the country. It was a case of attackers compromising a security solution that specifically targeted gaming firms." He added, "The structure was designed to execute actions if a match was found within those predefined IPs, effectively hunting down gaming companies."

He stressed that a company’s internal security team cannot fight off these supply chain attacks on their own. We need to tighten up the verification processes for external vendors and security solutions. Since game clients are distributed to users via a complex chain involving developer PCs and cloud systems, we must foster collaboration across development and operations teams to verify the security of every update. As CISO Kim aptly put it, "It is a tough slog, and you have to do it stitch by stitch."

Finally, he offered two key suggestions. First is the adoption and management of SBOM. An SBOM, or Software Bill of Materials, is a list of every single component used to build a software product. The government is pushing to make SBOM submissions mandatory for all software supplied to public institutions by 2027. "We have successfully turned SBOM into a functional process," noted Kim.

The second point is 'Zero Trust'. The principle is simple: trust no one, verify everything. You must continuously monitor all access requests and grant only the minimum necessary privileges to keep the damage contained in the event of a breach. "Trust seems to have vanished," CISO Kim remarked. "You shouldn't trust anyone; you must verify." With more gaming companies relying on third-party security solutions and external clouds, being vigilant against supply chain attacks is no longer optional.

Furthermore, the barrier to entry for digital thieves is dropping. Baek Eun-kwang, a senior researcher at Korean security firm Genians, explained, "It has evolved into a 'Ransomware-as-a-Service' model, where anyone can hack. A developer with some knowledge can use a development kit to automate ransomware, bundle it with exploit codes, and peddle it on the dark web. If you subscribe to the service on the dark web, you get the tools to run the attack, harvest the data, and trigger the ransomware."

The current trend, he noted, involves using the dark web to purchase legitimate account credentials, VPNs, and RDP internal network information to launch attacks from within. To fight back, we are seeing the rise of IoAs. "Previously, we relied on IoCs, sharing signatures or IPs associated with known malware. But that has clear limits against unknown threats. That is why we are now using IoAs—analyzing attacker behavior to sniff out anomalies," explained Baek.

On-site, the Korea Association of Game Industry signed an MOU with the Korea Information Security Industry Association. The partnership aims to facilitate technical exchanges for safer game development environments, policy alignment between the security and gaming sectors, and cross-industry consulting.

Jo Young-ki, Chairman of the Korea Association of Game Industry, said, "Major gaming companies are building systematic security measures, but small and medium-sized developers often lack the resources to do so. I hope this cooperation with the Korea Information Security Industry Association will help startups and SMEs solve their security woes."

Jo Young-chul, Chairman of the Korea Information Security Industry Association, added, "We know the big players have top-tier security organizations, but SMEs and startups are often too busy to pay attention to security. Through this MOU, we will help identify each other's needs and spread cybersecurity awareness across the gaming industry."