Japan's Critical Infrastructure Under Cyberattack

The research arm of security company Cylance, SPEAR, has released a report entitled Operation Dust Storm that details cyber attacks, starting in 2010 and spanning multiple years and vectors, against major industries spread across Japan, South Korea, the United States, Europe, and several other Southeast Asian countries.

The report includes SPEAR's most recent research, which suggests that the as-yet-unidentified attackers have shifted their focus to "specifically and exclusively target Japanese companies or Japanese subdivisions of larger foreign organisations".

Attribution in cyber attacks is complex, thanks to the ease with which hackers can lay false trails. However, in a briefing, Cylance's chief marketing officer Greg Fitzgerald noted that the attacks are "significantly financed, significantly resourced in terms of personnel and skillset, with a sustained presence, with the sole intention to be long-term espionage of these organisations".

Choosing his words carefully, Fitzgerald said: "It's probably a nation state 'in the region'... and two particular countries, China and North Korea, both have an enormous amount of power, resources and skill in the cybersecurity arena. We, Cylance, do not have any indication as to either of those countries, and our position is that attribution, or the concept of blaming a country, is a very dangerous activity because it can be spoofed -- it can be made to look like a country when it's somebody else."

Fitzgerald said Cylance has notified the Japanese arm of CERT (Computer Emergency Response Team) of the attack, and that the team is participating in the ongoing investigation.

"The attack that is happening is a current attack, in progress, that has sustained compromise of a variety of Japanese organisations -- in particular they include electric utility companies, oil companies, natural gas companies, transportation organisations, construction, and even some finance organisations," said Fitzgerald.

Other specific findings of Operation Dust Storm include:
Long-term Purpose: After evaluating the malware at the first stages of attack on the hacked networks and systems, the SPEAR team found evidence showing that the prime motives are long-term data exfiltration and theft.

Continuous, Undocumented Threats: Last year SPEAR discovered two more waves of attacks that started in July 2015 and October 2015. One of the primary targets was a Japanese subsidiary of a South Korean electric utility.
    
Wide Range of Attack Types and Vectors: Attacks have employed spear phishing, waterholes, unique backdoors, and unique zero-day variants, among others, to breach corporate networks and Android-based mobile devices.

Targeted Corporate Attacks: The campaign has made use of malware that is customized for particular target organizations; one 2015 attack involved the use of an S-Type backdoor variant designed specifically to compromise the investment arm of a major Japanese automaker.

So far, the breaches do not appear to have graduated to actual sabotage. "From what we can tell, the compromise has only indicated the ability to be present long-term and undetected -- we cannot tell if they have done any damage to the organisations today," said Fitzgerald. "What we do know is that the attack methods used, which gain access to computers and their networks, would enable them to cause damage or steal data should they desire."

ZD Net: http://zd.net/1L9bc84
