As the world struggles to fight the spread of the coronavirus, companies as well as governments are waking up to the growing threat of cyber viruses which targeted over 1,000 companies worldwide between January and October.
Since the start of 2020, companies in Japan have faced an unprecedented spike in ransomware attacks, which have suspended business operations and crippled computer and email systems just as Japanese companies shifted to teleworking as a countermeasure against COVID-19.
Traditional ransomware infiltrates encrypted data on a victim’s computer or internal system and demands a ransom. There are instances in which confidential data is stolen first, followed by the encryption of a system until the ransom is paid, typically through bitcoins, or threats are made and then information is stolen and leaked if no action is taken.
According to international security firm CrowdStrike, a survey of 2,200 security departments at major companies in 13 countries found that just over half of 200 Japanese companies, ranging from the automotive, aviation, and finance sectors, reported ransomware cyber attacks in which 33 companies paid an average sum of 123 million yen ($1.17 million) to criminal networks in order to prevent the leak of password-protected data.
Japan’s most recent cyber attack was reported in November by Japanese video game giant Capcom, which was hit with a ransom demand of 1.1 billion yen in exchange for the retrieval of stolen materials. While the company refused to cooperate, it’s suspected a Russian cyber criminal group called Ragnar Locker was behind the theft of around 350,000 confidential documents.
It’s not just small businesses with fewer resources being targeted. Since August, major global Japanese brands such as Honda, Canon, Toto, Citizen watches, Yaskawa Electric, and Asunaro Aoki Construction have been infected with ransomware and malware. In June, Honda’s global operations were disrupted by a cyber attack that left ransomware on hundreds of thousands of its computers. The malware was identified as a so-called WannaCry virus, which leaves computers inaccessible until a ransom is paid. Honda was forced to temporarily halt production of motorcycles in India and Brazil as well as suspending the production of 1,000 cars in Japan, the U.K., North America, Turkey and Italy.
The damage caused by cyber attacks extends beyond the loss of money and also includes the risk that stolen information will be leaked or sold on the black market. In November, the personal information of Japanese users stolen from event management app Peatrix, including names, email addresses and credit card details, were discovered on sale for $10 to $100 per unit.
Giving into ransom demands is not recommended by security experts as there is no guarantee criminal groups will release data or won’t attack again with greater force and higher prices. But many companies often weigh the benefit of paying the ransom with the cost of damage to production, long term reputation, and legal fees from potential customer lawsuits. For instance, a recent cyber attack on cyber security company FireEye, based in California, saw the company’s share price plummet following the announcement of the hacking attack.
The internet is looking more and more like a lawless zone, and tracing the digital route of criminal hackers requires greater international cooperation. Although there is a growing awareness of the need for cyber diplomacy, there is an urgent need for the development of an international rules-based order that will help nations respond.
Taiwan’s crackdown on cyber crime as a matter of national security prompted the launch of a cyber police agency fitted with a digital forensic laboratory and staffed by specialized IT crime personnel. Cyber crime knows no borders and in an act of cyber diplomacy, Taiwan offered to share its cyber security expertise with Japan.
Last week, Japan’s Ministry of Trade urged businesses to exercise greater leadership and strengthen internal cyber security efforts, warning cyber attacks could worsen with the increase in telework. A new ministerial report highlights the fact that overseas hackers are targeting small and large firms with globalized supply chains and those promoting expansion overseas.
With cyber attacks growing in sophistication, anti-virus software alone cannot eliminate the risk altogether. Prevention is key and many large companies have established computer security incident response teams in an effort to collect and analyze cyber threats, monitor external cyber attacks on a daily basis, and educate employees. As of November, more than 400 companies and organizations in Japan have set up such teams in the anticipation of possible future cyber attacks.
According to Check Point Software Technologies interim “Cyber Attack Trend” report released in August, hacking by malware and phishing sites related to coronavirus skyrocketed dramatically from 5,000 instances per week in February to more than 200,000 times per week by the end of April.