In an effort to combat scams and identity theft, South Korea will mandate facial recognition for new mobile phone number registrations starting on March 23. This new policy, announced by the Ministry of Science and ICT, aims to ensure that the individual signing up for a number matches their identification photo in real-time, thereby preventing the activation of phones registered under false names.
Meanwhile, cybersecurity threats are evolving as attackers increasingly utilize legitimate tools like the open-source monitoring software Nezha. A recent investigation by Ontinue highlighted how this tool, originally designed for system health monitoring, is being weaponized to gain remote access to compromised systems. The tool's deployment often includes a bash script linked to a remote dashboard on Alibaba Cloud in Japan, facilitating unauthorized access.
According to Mayuresh Dani, security research manager at Qualys, the use of Nezha exemplifies a modern attack strategy where threat actors exploit legitimate software to maintain stealth and evade detection by traditional security measures. This trend underscores the need for heightened awareness in cybersecurity, as threats become increasingly indistinguishable from normal activities.