Japan's Critical Infrastructure Under Cyberattack

The research arm of security company Cylance, SPEAR, has released a report entitled Operation Dust Storm that details cyber attacks, starting in 2010 and spanning multiple years and vectors, against major industries spread across Japan, South Korea, the United States, Europe, and several other Southeast Asian countries.

The report includes SPEAR's most recent research, which suggests that the as-yet-unidentified attackers have shifted their focus to "specifically and exclusively target Japanese companies or Japanese subdivisions of larger foreign organisations".

Attribution in cyber attacks is complex, thanks to the ease with which hackers can lay false trails. However, in a briefing, Cylance's chief marketing officer Greg Fitzgerald noted that the attacks are "significantly financed, significantly resourced in terms of personnel and skillset, with a sustained presence, with the sole intention to be long-term espionage of these organisations".

Choosing his words carefully, Fitzgerald said: "It's probably a nation state 'in the region'... and two particular countries, China and North Korea, both have an enormous amount of power, resources and skill in the cybersecurity arena. We, Cylance, do not have any indication as to either of those countries, and our position is that attribution, or the concept of blaming a country, is a very dangerous activity because it can be spoofed -- it can be made to look like a country when it's somebody else."

Cylance has notified the Japanese arm of CERT (Computer Emergency Response Team) of the attack, and it is participating in the ongoing investigation, said Fitzgerald.

"The attack that is happening is a current attack, in progress, that has sustained compromise of a variety of Japanese organisations -- in particular they include electric utility companies, oil companies, natural gas companies, transportation organisations, construction, and even some finance organisations," said Fitzgerald.

Other specific findings of Operation Dust Storm include:

Long-term Purpose: After evaluating the malware at the first stages of attack on the hacked networks and systems, the SPEAR team found evidence showing that the prime motives are long-term data exfiltration and theft.

Continuous, Undocumented Threats: Last year SPEAR discovered two more waves of attacks that started in July 2015 and October 2015. One of the primary targets was a Japanese subsidiary of a South Korean electric utility.

Wide Range of Attack Types and Vectors: Attacks have employed spear phishing, waterholes, unique backdoors, and unique zero-day variants, among others, to breach corporate networks and Android-based mobile devices.

Targeted Corporate Attacks: The campaign has made use of malware that is customized for particular target organizations; one 2015 attack involved the use of an S-Type backdoor variant designed specifically to compromise the investment arm of a major Japanese automaker.

So far, the breaches do not appear to have graduated to actual sabotage. "From what we can tell, the compromise has only indicated the ability to be present long-term and undetected -- we cannot tell if they have done any damage to the organisations today," said Fitzgerald. "What we do know is that the attack methods used, which gain access to computers and their networks, would enable them to cause damage or steal data should they desire."

ZD Net: http://zd.net/1L9bc84
