As more of Japan’s companies adopt telework during the coronavirus pandemic, cybercriminals are not far behind, hacking into login information that gives them access to the internal networks of some of the nation’s largest corporations.
Hackers have obtained network access info for at least 38 Japanese businesses, Nikkei has learned, pointing to a wave of data breaches over connections crucial for the support of telecommuting.
Businesses have widely adopted virtual private networks that encrypt transmitted data, since the setup is less costly than installing dedicated lines. But some companies appear to have been slow in updating hardware and software for VPNs, underscoring the risks associated with remote work.
VPN data for over 900 companies worldwide was being traded on illicit sites as of mid-August, according to Japan’s National Center of Incident Readiness and Strategy for Cybersecurity, the cabinet-level agency known as the NISC.
Among them, 38 are Japanese. The victims include major corporations such as Hitachi Chemical, Sumitomo Forestry and restaurant operator Zensho Holdings. Also on the list are audio equipment manufacturer Onkyo, drugmaker Zenyaku Kogyo, energy company Iwatani, power generation equipment maker Daihen, as well as the Confederation of Japan Automobile Workers’ Unions.
It appears that Russian-speaking hackers illegally accessed these companies and stole information. The breaches potentially made use of VPN usernames and passwords, as well as IP addresses.
Sumitomo Forestry says there have been no verifiable breaches of employee data or similarly sensitive information, a stance echoed by all the Japanese companies affected. But experts say hackers could disguise themselves as employees to access internal data or carry out cyberattacks from the inside unless special measures are taken.
The Japan-based companies whose data is available on the dark web have utilized VPN service from Pulse Secure, a US company with over 20,000 corporate clients. In April of last year, Pulse Secure warned of vulnerabilities on its VPN networks and released patches.
This warning was repeated across the Pacific by the Japan Computer Emergency Response Team Coordination Center, a private-sector organization. But several companies failed to install the patches, leaving the door open to data breaches. Some have apparently continued to use unpatched VPNs, which hackers have seemingly exploited.
The 38 companies could serve as steppingstones for cybercriminals to target other firms with which they do business. Hackers could acquire privileged information or upload viruses through this route.
“It’s imperative to adopt two-factor authentication and improve monitoring, and not rely solely on IDs and PIN numbers,” said Masahiro Yamada, associate vice president at Tokyo cybersecurity company Cyfirma.
Hitachi Chemical says it has halted affected equipment, while Zenyaku Kogyo has “taken necessary action,” according to a representative. Most other victimized companies report adopting similar measures. Additional arrangements, such as setting up access limits for individual employees, will be essential.
In a report published late last month, the NISC sounded the alarm about “signs of cyberattacks” that take advantage of the hurried transition to a telecommuting environment. The agency has cited the conspicuous inertia among companies to adopt security measures for their networks.
This article first appeared on Nikkei Asian Review. It’s republished here as part of 36Kr’s ongoing partnership with Nikkei. 36Kr is KrASIA’s parent company.