Japan's Critical Infrastructure Under Cyberattack

The research arm of security company Cylance, SPEAR, has released a report entitled Operation Dust Storm that details cyber attacks, starting in 2010 and spanning multiple years and vectors, against major industries spread across Japan, South Korea, the United States, Europe, and several other Southeast Asian countries.

The report includes SPEAR's most recent research, which suggests that the as-yet-unidentified attackers have shifted their focus to "specifically and exclusively target Japanese companies or Japanese subdivisions of larger foreign organisations".

Attribution in cyber attacks is complex, thanks to the ease with which hackers can lay false trails. However, in a briefing, Cylance's chief marketing officer Greg Fitzgerald noted that the attacks are "significantly financed, significantly resourced in terms of personnel and skillset, with a sustained presence, with the sole intention to be long-term espionage of these organisations".

Choosing his words carefully, Fitzgerald said: "It's probably a nation state 'in the region'... and two particular countries, China and North Korea, both have an enormous amount of power, resources and skill in the cybersecurity arena. We, Cylance, do not have any indication as to either of those countries, and our position is that attribution, or the concept of blaming a country, is a very dangerous activity because it can be spoofed -- it can be made to look like a country when it's somebody else."

Cylance has notified the Japanese arm of CERT (Computer Emergency Response Team) of the attack, and CERT is participating in the ongoing investigation, said Fitzgerald.

"The attack that is happening is a current attack, in progress, that has sustained compromise of a variety of Japanese organisations -- in particular they include electric utility companies, oil companies, natural gas companies, transportation organisations, construction, and even some finance organisations," said Fitzgerald.

Other specific findings of Operation Dust Storm include:

Long-term Purpose: After evaluating the malware at the first stages of attack on the hacked networks and systems, the SPEAR team found evidence showing that the prime motives are long-term data exfiltration and theft.

Continuous, Undocumented Threats: Last year SPEAR discovered two more waves of attacks that started in July 2015 and October 2015. One of the primary targets was a Japanese subsidiary of a South Korean electric utility.

Wide Range of Attack Types and Vectors: Attacks have employed spear phishing, waterholes, unique backdoors, and unique zero-day variants, among others, to breach corporate networks and Android-based mobile devices.

Targeted Corporate Attacks: The campaign has made use of malware that is customized for particular target organizations; one 2015 attack involved the use of an S-Type backdoor variant designed specifically to compromise the investment arm of a major Japanese automaker.

So far, the breaches do not appear to have graduated to actual sabotage. "From what we can tell, the compromise has only indicated the ability to be present long-term and undetected -- we cannot tell if they have done any damage to the organisations today," said Fitzgerald. "What we do know is that the attack methods used, which gain access to computers and their networks, would enable them to cause damage or steal data should they desire."

ZD Net: http://zd.net/1L9bc84
