Report: ”Japan’s critical infrastructure under ‘escalating’ cyber attack”

opduststormreport-2.jpg

Image: Cylance

Operation Dust Storm has migrated to exclusively seek out organizations involved in Japanese critical infrastructure and resources, says security firm.

”The research arm of security company Cylance, SPEAR, has released a report entitled Operation Dust Storm that details cyber attacks, starting in 2010 and spanning multiple years and vectors, against major industries spread across Japan, South Korea, the United States, Europe, and several other Southeast Asian countries.

The report includes SPEAR’s most recent research, which suggests that the as-yet-unidentified attackers have shifted their focus to “specifically and exclusively target Japanese companies or Japanese subdivisions of larger foreign organisations”.

Attribution in cyber attacks is complex, thanks to the ease with which hackers can lay false trails. However, in a briefing, Cylance’s chief marketing officer Greg Fitzgerald noted that the attacks are “significantly financed, significantly resourced in terms of personnel and skillset, with a sustained presence, with the sole intention to be long-term espionage of these organisations”.

Choosing his words carefully, Fitzgerald said: “It’s probably a nation state ‘in the region’… and two particular countries, China and North Korea, both have an enormous amount of power, resources and skill in the cybersecurity arena. We, Cylance, do not have any indication as to either of those countries, and our position is that attribution, or the concept of blaming a country, is a very dangerous activity because it can be spoofed — it can be made to look like a country when it’s somebody else.”

Cylance has notified the Japanese arm of CERT (Computer Emergency Response Team), which is participating in the ongoing investigation, of the attack, said Fitzgerald.

“The attack that is happening is a current attack, in progress, that has sustained compromise of a variety of Japanese organisations — in particular they include electric utility companies, oil companies, natural gas companies, transportation organisations, construction, and even some finance organisations,” said Fitzgerald……..”

 

Source: ZDNet http://www.zdnet.com/article/japans-critical-infrastructure-under-escalating-cyber-attack-says-report/

The Board Director Training Institute (BDTI) is a "public interest" nonprofit in Japan dedicated to training about directorship, corporate governance, and related management techniques. It is certified by the Japanese government to conduct these activities as a regulated nonprofit. Read a summary about BDTI here, and see a menu of its services for both corporations and investors here.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.