"Japan is also in a state of war" Cyber ​​attacks aimed at companies How to confront?

April 5, 16:49

Japanese companies are being targeted by cyber attacks, and there are a number of cases of serious damage.

As the threat of cyber attacks increases around the world following Russia's invasion of Ukraine, some experts point out that "Japan is also in a state of war in cyberspace."

What should I do if I receive a cyber attack?

We closely adhered to the efforts of Japanese companies to confront the threat.

(Daisuke Nogami, Reporter, Ministry of Economic Affairs)

Adhering to cyber attack practice training

March 9, two weeks after the Russian military invasion began.

In a corner of the city center, system personnel from six Japanese companies, including major financial institutions, IT, and small and medium-sized manufacturers, were gathered.

This room has a system environment that looks like a real company in order to train in response to a cyber attack.

The training program is provided by the Japanese subsidiary of a cyber security company headquartered in Israel.

In Israel, where cyber wars continue with neighboring countries in the Middle East, many private cyber security companies that have diverted military technology have been born.

The biggest feature of this program is that it actually conducts cyber attacks to invade the system and learn how to deal with it.

By demonstrating the latest cyber attacks that are occurring all over the world, you can experience training just like a real battle.

“Israeli hackers attack”

A man projected on a large monitor.

He is a hacker from the Israeli Defense Forces who acts as an attacker.

Participants are not informed of any training scenarios in advance and must work together to defend the system.

Immediately after the start of training at 2:00 pm.

"Something is being targeted ..."

Participants with a tense expression first detect the change in the web page and respond in a hurry.

Then, it turned out that the number of accesses of unknown origin is increasing rapidly.

However, the moment I try to check the site, I am skipped to another page.

In fact, this site was equipped with a program that led to another malicious site.

Only 10 minutes from the start.

I allowed the virus to invade and I couldn't see the web page.

All computers have been hijacked ...

"There is one user with administrator privileges ..."

After that, the hacker gradually spread the infection from the invading entrance, and finally a mysterious user with "administrator privileges" appeared.

Hackers will grow accounts with higher privileges on their own.

And 1 hour and 40 minutes from the start of training.

Eventually, a ransomware-type computer virus called "ransomware" is sent in and the data is encrypted.

All my computers were hijacked and I couldn't operate them at all.

Participants who seemed to have a mixture of fear and admiration in their vivid tactics,

"completely done ..." and "horrifying ..." .

On the other hand, the attacker hacker who participated online from Israel still looks sleepy due to the time difference.

Then, while revealing the hacking method to the participating companies, he said, "If you take the time, the probability of success on the hacker side is almost 100%," as if it were a "work before breakfast."

The customers of this security company are about 600 Japanese companies such as electric power companies and major electric appliance manufacturers.

As the risk of cyber attacks increases, inquiries have been received not only from large companies but also from small and medium-sized companies since the beginning of March.

Participating in the training Manufacturer system person in charge

"I feel that targeted emails actually arrived at the company in late February, and the threat of cyber attacks is becoming more familiar. In this training, hackers are 1 I knew from the skin that I was good at both sheets and two, and I became more aware of the crisis. The damage is a moment, but if the company stops for a few months, there is a risk of going bankrupt. I don't think it can be prevented unless you have it. "

Why cyber attacks in Japan now!

??

Why is the threat of cyber attacks increasing in Japan now?

In fact, Ukraine has been hit by large-scale cyber attacks on government agencies and major banks more than a month before Russia's military invasion began.

Meanwhile, the Ukrainian government has also formed cyber troops and has declared that the international hacker group Anonymous will target the Russian government as an attack.

In other words, not only Russia and Ukraine, but also hacker groups that support both sides have become more active, and other criminal organizations are taking advantage of this turmoil all over the world.

US President Joe Biden warned on March 21 that "Russia is considering a cyber attack as a countermeasure against the imposition of economic sanctions by Western countries" based on confidential information.

Training program provider Takahiro Matsuda COO

"If the world becomes chaotic, the risk of cyber attacks will increase. Recently, attacks from neighboring countries are increasing in Japan, so Japan is already in a state of war in the cyber space. I think we need to be aware that we are becoming

All Toyota factories shut down One after another damage to Japanese companies

The source of the attack is unknown, but recently there have been a series of cases in which Japanese companies are actually targeted by the attack and suffer serious damage.

What is new to my memory is a cyber attack on Toyota Motor's customer parts maker Kojima Industries.

A system failure occurred due to the "vulnerability" of the remote connection equipment used by the subsidiary, and Toyota fell into a situation where all factories in Japan were shut down.

In addition, suspicions of unauthorized access to major companies and information leaks have been revealed one after another.

《Bridgestone》 On February 27, a group company in the United States was attacked, and several factories in North America and Latin America were shut down.

《Denso》 On March 10th, a German base was attacked and threatened to disclose confidential information.

<< Sanoh Industrial >> An American subsidiary was attacked on March 12, and there is a possibility that internal information may be leaked.

<< Morinaga & Co. >> An in-house server was attacked on March 13, affecting the production of some products.

Possibility of leakage of more than 1.64 million personal information.

《Nippon Antenna》 Attacked on March 28, a large-scale system failure occurred and data was encrypted.

E-mail transmission / reception and server access are impossible.

Both companies are believed to have been victims of cyberattacks using ransomware, a ransomware demanding type.

According to a survey conducted by the private research company "Teikoku Databank" from March 11 to 14, targeting 1547 companies in Japan, 28.4% of the companies answered that they were "received a cyber attack within a month". ing.

Threat virus "Emotet"

"Emotet" is a growing threat as a computer virus that attracts "ransomware" that Japanese companies are suffering from one after another.

If you are infected with "Emotet" by opening the attached file of the sent e-mail, the contact information of the terminal and the contents of the e-mail will be stolen, and a real-life e-mail based on past exchanges will be sent without permission. , Spreads the infection to other tissues.

And it is a common technique to infect "Emotet" in advance and then send in a more malicious virus "Ransomware".

According to the JPCERT Coordination Center, an information security specialist, the number of e-mail addresses that may have been infected with "Emotet" and sent illegally in Japan has increased sharply since February.

As of March 2, there were nearly 9,000 cases, more than five times the number of cases in September 2020, when the infection was most widespread.

Small and medium-sized enterprises, whose costs and personnel are not sufficient compared to large enterprises, may be targeted, which may lead to targets such as large enterprises with which they do business.

Takahiro Matsuda COO

"Since hackers usually use weak and easy-to-enter areas as the entrance to attacks, it is easy to target mid-sized companies, SMEs, factories in Asian countries, etc., for which countermeasures are not sufficient. From there, we will break into the network and finally target large companies. I think that all companies are the targets of cyber attacks. "

Strengthening measures against crisis for small and medium-sized manufacturers

A small and medium-sized manufacturer in Toyohashi City, Aichi Prefecture, who participated in the cyber attack training on March 9.

The president himself participates in the training, which is increasing the sense of crisis.

The company, which manufactures food dryers, has about 40 employees.

Since DX = digital transformation has been promoted in the wake of the corona disaster, if it is damaged by a cyber attack, the impact on business partners may spread more than ever.

For this reason, the company is strengthening measures.

We checked whether the connected network had "vulnerabilities" that were vulnerable to cyber attacks.

We also use a tool that checks all the installed software for the latest updates and finds out if malicious programs have been installed.

In March, a cybersecurity countermeasure team will be set up in-house, and training for employees will be held on a regular basis.

Participating in the training Manufacturer Nobuaki Hara

"Until now, we did not expect companies of a size like us to be targeted, but these days there is a possibility that the weaknesses of small and medium-sized enterprises may be exploited, so it really is. I feel scared. It is no longer a management issue because if it causes trouble to business partners, it will affect the survival of the company. I want to raise it. "

BCP for cyber measures

A cyber attack approaching regardless of the size of the company.

Mr. Matsuda, a security company, complains that there is an urgent need to take a step ahead.

Takahiro Matsuda COO

"It is important for companies to not only focus on" preventing "viruses from invading, but to detect them as soon as possible" after they have been invaded "and how to respond calmly. It is necessary to prepare a system to detect the virus quickly and to perform a simulation to prevent the spread of damage, such as shutting down the network quickly. Cyber ​​security should be considered as one of BCP = business continuity plan. We're at the stage. It's important for management and all employees to train, not leave it to the person in charge of the system. "

On the other hand, Ministry of Economy, Trade and Industry.

It is alerting companies with other ministries such as the Cabinet Office and the National Police Agency, saying that the industry is facing an unprecedented crisis of cyber attacks.

Shuji Okuda, Chief of the Ministry of Economy, Trade and Industry

"It is becoming more important to consider the entire supply chain, including business partners, rather than just looking at your own company. I would like you to take this as a matter and start responding. "

We are in an era where we and Japanese companies can be involved in cyber warfare between nations at any time.

Japan has been pointed out as having a delay in cyber security measures compared to Europe and the United States.

On April 1, the government is at the forefront of cyber investigations, and the National Police Agency's "Cyber ​​Special Investigation Team" is being launched, and measures are being strengthened.

There is a time when it is necessary to raise awareness of cyber attacks in companies, employees working there, and society as a whole.

Reporter of the Ministry of Economic Affairs

Daisuke Nogami

Joined the Department

of Economic Affairs in 2010 After working at the Kanazawa Bureau, he was in charge of the

finance and IT industries of the Ministry of Economic Affairs.