A new Rapid7 report finds Japan has been targeted by a number of threat actors in both cyber espionage and financial campaigns.
In a new research paper, Footprints of Japan and its Global Business: Cyber Threat Landscape ReportRapid7, announced on June 28, 2023, has attracted the attention of three of the four countries (China, North Korea, and Russia) that are typically sources of state-sponsored threats in East Asia. discovered.
The report also found that in the first half of 2022, 32.5% of all ransomware attacks were reported by manufacturers. By comparison, just 7.9% of attacks came from the healthcare industry over the same period.
Paul Prudhomme, Head of Threat Intelligence Advisory at Rapid7, said: “Japanese manufacturing organizations are uniquely vulnerable to cyberattacks, mainly for two reasons. First, they have deep ties to supply chains around the world. , they practice just-in-time production, which results in very little inventory and significantly weaker business processes.”
The report also found that most prominent Japanese companies have a global presence with well-known brands, especially in the fields of manufacturing, automobiles and technology. and affiliated companies.
“The threat actor could then move laterally to the parent company’s systems in Japan,” Prudhomme added.
China, North Korea, Russia, and…Vietnam
An example of this kind of lateral movement occurred at Panasonic in October 2020 when a data disclosure extortion incident occurred at its Indian branch, and in February 2022 when its Canadian branch was also targeted.
Also, Nissan Canada Finance (NCF), which finances the purchase and lease of vehicles from Nissan, Infiniti and Mitsubishi dealers, was hit with a ransom demand in December 2017.
China-affiliated groups used similar tactics, but in a wider range of industries. For example, in late 2021, a subset of China’s APT10, Earth Tengshe (a.k.a. Bronze Riverside), will target overseas subsidiaries and suppliers of Japanese manufacturing, engineering, electronics, automotive, energy and technology companies to gain access to their parent companies. assumed to have been obtained. Japanese company.
Additionally, another state-sponsored attacker has recently been observed targeting Japanese organizations in Vietnam.
“Vietnam’s APT32, also known as OceanLotus, has shown particular interest in targeting foreign competitors in Vietnam’s emerging auto industry. Security researchers observed APT32 creating domains that disguised the automaker’s legitimate infrastructure as an attack vector. did,” the report said.
fall behind
Sabine Malik, vice president of global government affairs and public policy at Rapid7, said Japan’s long-standing reputation for lagging behind in cybersecurity policies in both the private and public sectors meant that these He said the threat was of particular concern. Information security.
“Japan lags behind other developed nations in cybersecurity. The International Institute for Strategic Studies put Japan last in a three-tier ranking in its June 2021 report. noted that cybersecurity in the country’s public and private sectors is weak, leading to a lack of ability to track malicious intrusion attempts and a lack of a legal framework to launch counterattacks. , especially not adapted to deal with cyber-attacks that occur against the country’s infrastructure,” Malik said.
Despite being the world’s third largest economy after the United States and China, Japan is often ignored in the English-speaking literature on cyber threat intelligence.
“With this new report, Rapid7 hopes to provide a one-stop-shop for a broad and comprehensive view of Japan’s threat landscape in English,” said Prudhomme.
The Japanese government will release a revised National Security Strategy in December 2022.
