Tokyo-based Taiyo Nippon Sanso Corporation, an industry leader in supplying industrial gases to chemical plants and medical facilities in Japan, has suffered a cyberattack. Hackers obtained administrative privileges, which allow access to a wide range of information within the system. There is a possibility that the company’s internal information, including the personal information of about 10,000 employees, was stolen. An expert warns, “This could lead to another cyberattack targeting infrastructure-related companies.”
According to Taiyo Nippon Sanso, the company noticed suspicious activity in March 2016 in which its server that stores internal information was accessed using administrative privileges. This prompted the company to investigate the situation.
As a result, it was discovered that the server was infected by at least four different viruses and the administrative privileges had been obtained. Consequently, 600 servers — most of those in the system — were made vulnerable to outside access by remote control. The company also found out that one of the servers was accessed from outside without permission twice in the same month, and about one gigabyte of company’s data — equivalent to the amount of information on 350,000 sheets of A-4 sized paper — was compressed into a zip file. The data included the email addresses of about 10,000 employees of the company and its affiliates. Taiyo Nippon Sanso removed the viruses and reported the incident to the Metropolitan Police Department in the following month.
Taiyo Nippon Sanso is the industry leader in Japan and ranks fifth in the world among companies that manufacture and sells nitrogen for preventing explosions to chemical plants and oxygen to medical facilities. In this attack, hackers targeted employees’ personal information. With the detailed personal information stolen, it is possible for the hackers to send emails containing viruses specifically to employees with administrative privileges, who are likely to open such emails without raising suspicion.
Professor Masakatsu Morii, who specializes in information communications engineering at Kobe University, said, “Hackers can carry out targeted cyberattacks against employees and customers by using the stolen data and eventually extract classified information such as plants’ security system and gas composition to plan the physical destruction of manufacturing facilities.”
Since emails containing viruses are exchanged widely on a daily basis, an increasing number of companies are reporting damage due to cyberattacks. At the same time, many companies hesitate to report incidents or release information on possible attacks when they are still uncertain as to whether they have suffered a cyberattack, Taiyo Nippon Sanso did not report the incident to the Ministry of Economy, Trade and Industry, which is in charge of the gas industry, or the Information-Technology Promotion Agency, which calls on companies to report damage due to cyberattacks. (Abridged)