print PRINT

SECURITY > Cybersecurity

Japanese companies increasingly target of ransomware cyber-attacks

  • September 7, 2020
  • , The Japan News , 5:04 p.m.
  • English Press

Cyber-attacks, invisible to the eye, are becoming more sophisticated and common sense as it relates to security measures is changing. How should companies and individuals prepare for this ever-looming malice? While artificial intelligence (AI) and big data have been used to prevent crimes and investigate criminal cases, concerns have emerged over this surveillance society.


■Dark web


Ransomware is a type of computer virus that steals or encrypts corporate data, after which the perpetrators demand a ransom for data recovery. This type of malware has gone on a rampage. In Japan, damage to Honda Motor Co. and several other companies and organizations have increasingly come to light.


On an English-language site on the dark web, where anonymous information exchanges are possible, a hacking group posted a message that uncooperative companies that have hidden the success of its cyber-attacks will be named on the site. The names of companies from around the world have been listed with the claim that the hacking group has successfully carried out cyber-attacks to steal their data. In early July, a mold manufacturing company based in Aichi Prefecture was also named, and some of its stolen data was revealed.


With the click of a button, site users can download internal documents for free. For the Aichi-based company, the documents included order forms, vouchers, blueprints and photos of equipment that company employees had taken on their overseas business trips.


The hackers tried to obtain a ransom from the company in return for the rest of the stolen data, urging the firm to fill a designated form to contact them.


The company told The Yomiuri Shimbun that it had made public the fact that internal documents about its clients had been leaked by a cyber-attack, but it had not known about any threatening posts.


“We have been apologizing to our customers,” a company official said. “We didn’t pay any ransom.”


A succession of companies have suffered damage from ransomware. In February this year, an overseas unit of heavy-industry manufacturer IHI Corp. was hit by a cyber-attack and its internal documents were revealed on a site operated by the perpetrator of the attack. The data was encrypted and the perpetrator demanded money for data recovery. However, the company refused to pay.


In October 2018, the Uda City Hospital in Nara Prefecture experienced disruptions in its electronic medical record system for two days. An attacker encrypted the electronic medical records and demanded a ransom to recover the data. The hospital did not pay the ransom and recovered the data the following year.


■Black market


On the dark web, a wide variety of illegal products are listed on a black market. The items on the market include numerous “trophies” from cyber criminals, and some of them have been stolen from Japan.


On one English-language site, apparent credit card numbers are sold, of which more than 4,000 cards are claimed to be from Japan. A single credit card number sells for around $130 (about ¥14,000).


Information about access to computers and servers that are vulnerable and can be easily hacked is also sold on the site. A piece of such information costs around ¥750. There are more than 100 pieces of information related to “Tokyo,” which can be purchased with highly anonymous cryptographic assets. A Japanese-language site promotes sales of guns.


According to research conducted in July by Tokyo-based information security company Trend Micro Inc., the right to access the network of a Japanese medical university was sold for $999.


Katsuyuki Okamoto, an official of the company, said there is a black market that allows users to connect to it without using anonymizing software.


“There are also some black market sites in which users get infected with viruses and have their information stolen just by browsing them,” Okamoto said. “It’s better not to connect to such sites casually.”


■Olympics targeted


Ahead of the Tokyo Olympics and Paralympics, which have been postponed until next summer, cyber-attacks on Japan are expected to suddenly increase. As major international events tend to be targeted by hackers, the government has launched national efforts to deal with cybersecurity issues.


The National center of Incident readiness and Strategy for Cybersecurity (NISC), the government’s control tower to take measures against cyber-attacks, has designated 23 sectors related to the Tokyo Games, such as communications, electricity and railway sectors, as “critical service areas.” It has checked about 300 business operators in the areas to see if they have taken appropriate measures.


The Olympic Games in the past have repeatedly been targets of cyber-attacks. The 2012 London Games came under a distributed denial-of-service (DDoS) attack in which massive amounts of data were sent to the power system of the Olympic stadium to overwhelm it. At the 2018 Pyeongchang Winter Olympics, a computer virus dubbed “Olympic Destroyer” was used to disrupt the system, making ticket issuance unavailable for a while.


In Japan, the National Police Agency has placed sensors on the internet to detect suspicious communications that appear to be cyber-attacks. The average number of cases of suspicious communications detected by a single sensor last year was 4,192 a day, which means one case detected about every 20 seconds. The figure rose 52.3% from the previous year, hitting a record high.


“Due to the novel coronavirus pandemic, the number of companies that are operating with staff working from home has increased,” an NISC official said. “It’s important to establish a system that can also monitor attacks remotely.”

  • Ambassador
  • Ukraine
  • COVID-19
  • Trending Japan