Japan's Critical Infrastructure Under Cyberattack

Uploaded on 2016-03-11 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, BUSINESS-Production-Utilities

The research arm of security company Cylance, SPEAR, has released a report entitled Operation Dust Storm that details cyber attacks, starting in 2010 and spanning multiple years and vectors, against major industries spread across Japan, South Korea, the United States, Europe, and several other Southeast Asian countries.

The report includes SPEAR's most recent research, which suggests that the as-yet-unidentified attackers have shifted their focus to "specifically and exclusively target Japanese companies or Japanese subdivisions of larger foreign organisations".

Attribution in cyber attacks is complex, thanks to the ease with which hackers can lay false trails. However, in a briefing, Cylance's chief marketing officer Greg Fitzgerald noted that the attacks are "significantly financed, significantly resourced in terms of personnel and skillset, with a sustained presence, with the sole intention to be long-term espionage of these organisations".

Choosing his words carefully, Fitzgerald said: "It's probably a nation state 'in the region'... and two particular countries, China and North Korea, both have an enormous amount of power, resources and skill in the cybersecurity arena. We, Cylance, do not have any indication as to either of those countries, and our position is that attribution, or the concept of blaming a country, is a very dangerous activity because it can be spoofed -- it can be made to look like a country when it's somebody else."

Cylance has notified the Japanese arm of CERT (Computer Emergency Response Team), which is participating in the ongoing investigation, of the attack, said Fitzgerald.

"The attack that is happening is a current attack, in progress, that has sustained compromise of a variety of Japanese organisations -- in particular they include electric utility companies, oil companies, natural gas companies, transportation organisations, construction, and even some finance organisations," said Fitzgerald.

Other specific findings of Operation Dust Storm include:
Long-term Purpose: After evaluating the malware at the first stages of attack on the hacked networks and systems, the SPEAR team found evidence showing that the prime motives are long-term data exfiltration and theft.

Continuous, Undocumented Threats: Last year SPEAR discovered two more waves of attacks that started in July 2015 and October 2015. One of the primary targets was a Japanese subsidiary of a South Korean electric utility.
    
Wide Range of Attack Types and Vectors: Attacks have employed spear phishing, waterholes, unique backdoors, and unique zero-day variants, among others, to breach corporate networks and Android-based mobile devices.

Targeted Corporate Attacks: The campaign has made use of malware that is customized for particular target organizations; one 2015 attack involved the use of an S-Type backdoor variant designed specifically to compromise the investment arm of a major Japanese automaker.

So far, the breaches do not appear to have graduated to actual sabotage. "From what we can tell, the compromise has only indicated the ability to be present long-term and undetected -- we cannot tell if they have done any damage to the organisations today," said Fitzgerald. "What we do know is that the attack methods used, which gain access to computers and their networks, would enable them to cause damage or steal data should they desire."

ZD Net: http://zd.net/1L9bc84

« 3D Printing: The Next Industrial Revolution
One Ethicist’s Compromise To Stop Killer Robots »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Aptive Consulting

Aptive Consulting

Aptive is a cyber security consultancy providing Penetration Testing and Vulnerability Assessment services.

IntSights

IntSights

IntSights is an intelligence driven security provider offering rapid, accurate cyberthreat intelligence and incident mitigation in real time

Avatao

Avatao

Avatao is an online training platform for building secure software, offering a rich library of hands-on IT security exercises for software engineers to teach secure programming.

Cybersecurity Innovation Hub

Cybersecurity Innovation Hub

The main objective of the Hub is to bring cybersecurity and other advanced technologies closer to companies and as a result help to increase their performance as Industry 4.0.

Healthcare Fraud Shield (HCFS)

Healthcare Fraud Shield (HCFS)

The focus of Healthcare Fraud Shield is solely on healthcare fraud prevention and payment integrity with a successful approach based on many unique advantages we deliver to our clients.

Banshie

Banshie

Banshie is an independent cyber security company with a small team of recognized specialist that are among the best in their field.

Secberus

Secberus

SECBERUS creates cloud security technology to help organizations stay secure & compliant in the public cloud.

GreyNoise Intelligence

GreyNoise Intelligence

GreyNoise Intelligence is a cyber security company that collects, labels, and analyzes Internet-wide scan and attack data.

Trustify

Trustify

Trustify is a Managed Security Service Provider offering a suite of world-class Cyber Risk Management services.

WolfSSL

WolfSSL

wolfSSL is an embedded SSL/TLS library providing secure communication for IoT, smart grid, connected home, routers, applications, games, phones, and more.

Elisity

Elisity

Elisity Cognitive Trust is a new security paradigm that combines Zero Trust Network Access and an AI-enabled Software Defined Perimeter.

Redbot Security

Redbot Security

Redbot Security provides industry leading manual penetration testing. Protecting critical systems and data - red team attack and breach simulations, (OT) critical infrastructure testing.

SharkStriker

SharkStriker

SharkStriker is a US based managed security services provider with SOCs and offices across the globe.

Oxygen Technologies

Oxygen Technologies

Oxygen Technologies is a business systems strategy and integration company offering a variety of solutions to give our clients ways to work smarter not harder.

CyberAntix

CyberAntix

CyberAntix offers Premium CyberSecurity for your business using an advanced Security Operations Centre technology and process platform reinforced by a steadfast and expert SOC team.

Net Essence

Net Essence

Net Essence is a Managed IT Services Provider. We deliver effective, reliable and fit-for-purpose IT solutions for SMEs based in the UK.