As the threat of cyber attacks increases around the world following Russia's invasion of Ukraine, Japanese companies are being targeted by attacks and suffering serious damage one after another.

The Ministry of Economy, Trade and Industry is calling on business owners and others to strengthen security measures.

On the 26th of last month, Toyota Motor's main customer parts maker "Kojima Industries" suffered a system failure due to a cyber attack, and on the 1st of this month Toyota stopped operation of all domestic factories. rice field.

At the same time, on the 27th of last month, an American group company of a major tire manufacturer "Bridgestone" was also hit by a cyber attack, and several factories in North America and Latin America were shut down.

In addition, on the 10th of this month, unauthorized access was confirmed at the German base of Toyota Group's major automobile parts maker "Denso", and on the 13th of this month, the major confectionery maker "Morinaga & Co." also sent to the in-house server. Unauthorized access caused problems such as multiple systems going down, affecting the manufacture of some products.

Both companies are believed to have been victims of a cyberattack using a ransomware computer virus called "ransomware."

The criminal group that attacked "Denso" has issued a statement that it will steal and disclose more than 157,000 confidential information such as purchase orders and emails on the dark web = dark site on the Internet, and "Morinaga & Co." It has been revealed that the personal information of more than 1.64 million customers may have been leaked.

According to a survey conducted by the private research company "Teikoku Databank" on more than 1,500 companies in Japan from the 11th to the 14th of this month, 28.4% of the companies answered that they were "received a cyber attack within a month". It means that it went up.

Not only large companies but also overseas subsidiaries and small and medium-sized enterprises in the supply chain are targeted by cyber attacks, and according to the National Police Agency, there were 146 cases of cyber attacks by "Ransomware" in the last year. Of the companies and organizations in Japan, 79 were small and medium-sized enterprises, accounting for 54% of the total.

The Ministry of Economy, Trade and Industry said that the potential risk of cyber attacks is increasing over the situation in Ukraine, and the Cabinet Cyber ​​Security Center is jointly named with six ministries such as the Ministry of Economy, Trade and Industry and the Police Agency this month to domestic companies and companies. We issue a warning document to organizations and others, calling attention to "I want you to take appropriate security measures so that you can control the risks that occur by yourself by considering the entire supply chain such as small and medium-sized enterprises and business partners." ..

"Emotet" peak crossing threat

"Emotet" is an increasing threat as a computer virus that attracts "ransomware".

If you are infected with "Emotet" by opening the attached file of the sent e-mail, the contact information of the terminal and the contents of the e-mail will be stolen.

Then, we will send an e-mail by quoting documents that were actually exchanged with the business partner in the past, and spread the infection to other organizations.

"Emotet" also has a function to attract even more dangerous viruses, and there are many ways to infect "Emotet" in advance and then send "ransomware" later.

In January, the "Emotet", which has been rampant all over the world for the past few years, was declared to be suppressed by the detection of international organizations.

However, after that, the resumption of activity was confirmed, and since the beginning of this month, the momentum has greatly exceeded the peak time of the adult, when the infection was the most widespread.

According to the JPCERT Coordination Center, an information security specialist, the number of e-mail addresses that may have been infected with Emotet and sent illegally in Japan has increased sharply since last month, and as of the 2nd of this month, it is close to 9,000. And, the infection is more than five times as widespread as in September.

Compared to large companies, small and medium-sized companies with insufficient security costs and personnel are targeted, and there are cases where they target large companies with which they do business, not only for large companies but also for a corner of the supply chain. There is also an urgent need for security measures for small and medium-sized enterprises that are responsible for this.

The site of cyber attack training

What should I do if I receive a cyber attack?

There is also a growing demand for programs for businesses that train practical responses.

The program is offered by a cybersecurity company headquartered in Israel.

In Israel, where cyber wars continue with neighboring countries in the Middle East such as Iran, many private cyber security companies that have diverted military technology have been born, and this company has about 600 Japanese companies such as electric power companies and major electric appliance manufacturers as customers. I am.

As Russia's military invasion of Ukraine increases the risk of cyber attacks, it is said that inquiries have been received not only from large companies but also from small and medium-sized companies since the beginning of this month.

The Israel Electric Corporation, which established this security company, receives 200 million cyber attacks annually, demonstrating the latest cyber attacks occurring all over the world, actually invading the system with viruses, and responding to them. Training is a major feature of the program.

Six Japanese companies participated in the training held in Tokyo on the 9th of this month.

Participating companies are not informed of any training scenarios in advance, and hackers from the Israeli Defense Forces cyber unit act as attackers.

The first target of this day's training was the company's web page.

When a participant detects an attack and tries to check the site, it has a program that leads to another malicious site, allowing the virus to invade.

Hackers then qualify for higher-privileged users to spread the infection, and finally use "ransomware" to hijack all devices and encrypt data in about 1 hour and 40 minutes. It's gone.

A system manager from a manufacturer in Okazaki City, Aichi Prefecture, who participated in the training said, "I feel that targeted emails actually arrived at the company in late February and the threat of cyber attacks is becoming more familiar. So, I realized that one or two hackers are better at it, and I became more aware of the crisis. The damage is a moment, but if the company stops for a few months, it may go bankrupt. I want to be careful with everyone's sense of ownership. "

Takahiro Matsuda, COO of "Cyber ​​Gym Japan", which provides training programs, said, "Since hackers usually use weak spots as the entrance to attacks, it is easy for small and medium-sized enterprises that do not have sufficient countermeasures to be targeted. It is important for companies to detect the virus as soon as it is invaded and respond calmly, rather than "not letting it invade". If the world situation becomes unstable, cyber attacks will increase. In the cyber space, I think it is necessary to recognize that Japan is also in a state of war and take emergency measures to continue its business. "

Small and medium-sized maker "really scary"

Small and medium-sized manufacturers in Toyohashi City, Aichi Prefecture, are becoming more vulnerable to cyber attacks, as the president himself participates in the training for cyber security companies held on the 9th of this month.

This company has about 40 employees and manufactures food dryers, etc., but since DX = digital transformation was promoted in the wake of the corona disaster, security measures such as computers became more important than ever. It is said that there is.

For this reason, the company first decided to check the connected network for vulnerabilities that make it vulnerable to cyber attacks.

In addition to checking all at once whether the OS = basic software and installed software have been updated to the latest state, we also utilize software that determines whether malicious programs have been set up.

In addition, in order to raise employee awareness, we have frequently issued internal notices calling attention to "Emotet," which is becoming a threat worldwide since the beginning of this month, and we have also set up a cyber security countermeasure team within the company. We regularly provide training for employees.

Nobuaki Hara, president of a small and medium-sized manufacturer, said, "Until now, we had not expected a company of a size like us to be targeted, but recently, there is a risk that the weak points of small and medium-sized companies will be struck and cause inconvenience to our business partners. I feel really scared because there is. It is difficult to spend money on a limited budget, but since it is a management issue related to business continuity and company survival, I would like to focus on my wisdom. " I was talking.