The new Rapid7 report details the challenges and threats Japan faces in cybersecurity.
Japan is being targeted by cyberattacks from a variety of cybercriminals with both espionage and financial goals, according to a new report from Rapid7.
The researchers found that the East Asian country is on the radar of three of the four countries that are usually sources of state-sponsored threats, most often China, North Korea and Vietnam.
The report also revealed that Japan's manufacturing industry reported 32.5% of all extortion cases involving specialized software in the first half of 2022. By comparison, the healthcare sector accounted for only 7.9% of attacks over the same period.
According to Paul Prudhomme, Head of Threat Advisory at Rapid7, “Japanese manufacturing organizations are uniquely vulnerable to cyberattacks for two main reasons: on the one hand, they have deep connections with suppliers around the world, making them desirable targets; on the other hand, they practice real-time production, which means they have virtually no inventory. This makes their operational processes significantly vulnerable.”
The report also revealed that the most famous Japanese companies have a global presence around the world, with recognizable brands, especially in the areas of manufacturing, automotive and technology. The compromise of Japanese parent companies is often due to the vulnerability of their overseas subsidiaries or affiliates.
An example of such horizontal movement was Panasonic, when its Indian division was subjected to a data disclosure incident with a ransom demand in October 2020, and 2 years later, in February 2022, hackers reached the Canadian division. Both attacks affected the parent company.
China-linked groups have used similar tactics, but across a broader spectrum of industries. In late 2021, for example, Earth Tengshe (also known as Bronze Riverside), a subgroup of China's APT10, targeted overseas subsidiaries and suppliers of Japanese manufacturing, engineering, electronics, automotive, energy and technology companies in order to presumably gain access to parent companies in Japan.
In addition, Vietnam was also seen in attacks on Japanese companies. The state-sponsored group APT32, also known as OceanLotus, has shown particular interest in foreign competitors in the emerging Vietnamese auto industry.
An anonymous spokesperson for one of Japan's largest car manufacturers allegedly confirmed in 2019 that APT32 was targeting the company and its overseas operations. Security researchers then noted that APT32 created domains to spoof the legitimate infrastructure of this car manufacturer as an attack vector.
“Japan has a long history of underperforming in cybersecurity in both the private and public sectors,” said Sabine Malik, vice president of global government affairs and public policy at Rapid7.
“The International Institute for Strategic Studies ranked Japan the lowest in its three-tier ranking in June 2021. The London-based think tank pointed to the country's weak cybersecurity in the public and private sectors, including its ability to track malicious intrusion attempts and the lack of a legal mechanism to launch counterattacks,” Malik said.
Japan often goes unnoticed in the cyberintelligence literature in English, despite the fact that it has the world's third largest economy after the US and China.
The Japanese government, of course, is aware of its plight in relation to other countries, so last December it presented a new revised National Security Strategy. It states that Japan will strengthen its cyber capabilities and cooperate with other countries to counter emerging cyber threats.