By Tatsuya Sudo, senior writer
It has been learned that cyberattacks targeting government offices and companies operating critical infrastructure, such as electric power, gas, and railways, have been under way for the past four years. In some cases the computer virus infection remained undetected for nearly two years and six months, so massive theft of data might have occurred unnoticed. The Tokyo Metropolitan Police Department is investigating new paths of infection it uncovered.
LAC Co., a leading cybersecurity firm, has received inquiries from numerous companies since January 2013 about cyberattacks using a virus called Daserf. An analysis showed that 60% of these cases concerned electric power, gas, and other facilities designated by the government as critical infrastructure, as well as government offices in 13 areas, with the remaining cases involving machinery makers connected to infrastructure.
An analysis of the virus showed that it had remained active for several months to two years and six months after infection. There were signs that files had been sent to outside parties, so the virus is believed to be a “cyber spy” built to steal classified information. The data was encrypted, so it is unknown what information was leaked.
The distinguishing feature of Daserf is its clever configuration that prevents the detection of virus infection. According to the Japanese subsidiary of major U.S. IT company Dell Technologies (in Kawasaki City), this virus has been able to change the filenames and their locations in the computer and disperse communication links with outside parties, thus evading detection by cybersecurity software and internal filters.
New paths of infection were uncovered in late 2016. This virus infiltrates computer systems through a vulnerability in the SKYSEA software used for unified internal management of computer systems.
Sky, the major Osaka-based IT company that developed this software, disseminated a program to correct the vulnerability last December. SKYSEA is used by some 10,000 organizations in Japan, including government offices, financial institutions, infrastructure, and other sectors, on about 4.66 million computers. In response to inquiries, Sky said, “We are currently contacting all our customers and dealing with this issue.”