Cyberattack damage limited this time but Asia vulnerable
Experts warn the region could pay for a lack of investment in security
SHOTARO TANI, Nikkei staff writer
TOKYO -- A global cyberattack that has swept Europe and the U.S. in the past several days has landed on Asian shores, inflicting limited damage. But experts warn Asian companies are more vulnerable in terms of cybersecurity and could be hit harder in future strikes.
The latest attack, thought to be caused by malware called "Petya," was centered on Europe. Most Asian companies and government bodies remained unaffected, but there has been some fallout.
In India, operations were disrupted at the country's largest container port, Jawaharlal Nehru Port Trust, after its private-sector terminal operator, APM Maersk, was affected by the cyberattack, according to statement released Wednesday by India's Ministry of Shipping.
Maersk confirmed on its website the same day that "a number of IT systems are deliberately shut down across multiple sites and select business units," and that "business continuity plans are being implemented and prioritized."
In Australia's island state of Tasmania, production at a Cadbury chocolate factory was halted after its parent company, Mondelez International, was struck by the malware. "We continue to work quickly to address the current global IT outage across Mondelez International, and to contain any further exposure to our network," the company said in a statement
An Australian employee with global law firm DLA Piper was also hit, according to several media outlets.
Ground zero: Ukraine and Russia
Reports suggest many of the companies affected in Asia are local arms of European and American companies. The epicenter of the attack was in Russia and Ukraine.
"To date, Ukraine is the country with the largest number of affected users, and there are signs that the infection started in Ukraine," a spokesman for Russian securities company Kaspersky told the Nikkei Asian Review. "The distribution points for the malware was the Ukrainian software company MeDoc," the spokesman said, adding that MeDoc's website was hacked, and its users received a malicious automated update.
U.S. network security specialist Symantec said the latest attack uses "a new strain of the 'Petya' ransomware," similar to the "WannaCry" malware used in a global cyberattack in May. Like "WannaCry," "Petya" encrypts files on the affected computer, then sends out a demand for payment in cryptocurrency to unlock the files. In the latest attack, those infected are being told to pay $300 in Bitcoin.
However, some security experts have pointed out that this attack is a "wiper," designed to destroy and damage the files, as opposed to "ransomware," where the aim is to make money.
Despite the limited damage in Asia, experts warn that companies in the region are more vulnerable to cyberattacks than other parts of the world. According to a report by the U.S. security company FireEye, the median time between a security breach and its discovery in the Asia-Pacific region in 2016 was 172 days, significantly longer than the global medianof 99 days.
"APAC continues to have one of the highest dwell times for adversaries because of the basic lack of investment in security," the report said, adding that Asia's financial services sector was a "top target for cybercriminals and nation-state actors from around the world."
That spells trouble in the region as cybercriminals are becoming more cunning by the day.
Shohei Daido, a researcher at Japan's Information-Technology Promotion Agency, said the recent attacks appeared to be more sophisticated than the May attacks. "'WannaCry' was sloppier. ... Encryption [of the files] was incomplete, and it couldn't spread to other computers as programmed," Daido said. "This latest attack seems to have properly encrypted the files."