ArrowArtboardCreated with Sketch.Title ChevronTitle ChevronEye IconIcon FacebookIcon LinkedinIcon Mail ContactPath LayerIcon MailPositive ArrowIcon PrintSite TitleTitle ChevronIcon Twitter
Technology

As Japan expands telework, hackers follow and crack into networks

At least 38 companies are found to have comprised login info

Cybercriminals are reportedly finding vulnerabilities in VPNs and exploiting them.   © Reuters

TOKYO -- As more of Japan's companies adopt telework during the coronavirus pandemic, cybercriminals are not far behind, hacking into login information that gives them access to the internal networks of some of the nation's largest corporations.

Hackers have obtained network access info for at least 38 Japanese businesses, Nikkei has learned, pointing to a wave of data breaches over connections crucial for the support of telecommuting.

Businesses have widely adopted virtual private networks that encrypt transmitted data, since the setup is less costly than installing dedicated lines. But some companies appear to have been slow in updating hardware and software for VPNs, underscoring the risks associated with remote work.

VPN data for over 900 companies worldwide was being traded on illicit sites as of mid-August, according to Japan's  National Center of Incident Readiness and Strategy for Cybersecurity, the cabinet-level agency known as the NISC.

Among them, 38 are Japanese. The victims include major corporations such as Hitachi Chemical, Sumitomo Forestry and restaurant operator Zensho Holdings. Also on the list are audio equipment manufacturer Onkyo, drugmaker Zenyaku Kogyo, energy company Iwatani, power generation equipment maker Daihen, as well as the Confederation of Japan Automobile Workers' Unions.

It appears that Russian-speaking hackers illegally accessed these companies and stole information. The breaches potentially made use of VPN usernames and passwords, as well as IP addresses.

Sumitomo Forestry says there have been no verifiable breaches of employee data or similarly sensitive information, a stance echoed by all the Japanese companies affected. But experts say hackers could disguise themselves as employees to access internal data or carry out cyberattacks from the inside unless special measures are taken.

The Japan-based companies whose data is available on the dark web have utilized VPN service from Pulse Secure, a U.S. company with over 20,000 corporate clients. In April of last year, Pulse Secure warned of vulnerabilities on its VPN networks and released patches.

This warning was repeated across the Pacific by the Japan Computer Emergency Response Team Coordination Center, a private-sector organization. But several companies failed to install the patches, leaving the door open to data breaches. Some have apparently continued to use unpatched VPNs, which hackers have seemingly exploited.

The 38 companies could serve as steppingstones for cybercriminals to target other firms with which they do business. Hackers could acquire privileged information or upload viruses through this route.

"It's imperative to adopt two-factor authentication and improve monitoring, and not rely solely on IDs and PIN numbers," said Masahiro Yamada, associate vice president at Tokyo cybersecurity company Cyfirma.

Hitachi Chemical says it has halted affected equipment, while Zenyaku Kogyo has "taken necessary action," according to a representative. Most other victimized companies report adopting similar measures. Additional arrangements, such as setting up access limits for individual employees, will be essential.

In a report published late last month, the NISC sounded the alarm about "signs of cyberattacks" that take advantage of the hurried transition to a telecommuting environment. The agency has cited the conspicuous inertia among companies to adopt security measures for their networks.

Sponsored Content

About Sponsored Content This content was commissioned by Nikkei's Global Business Bureau.

You have {{numberArticlesLeft}} free article{{numberArticlesLeft-plural}} left this monthThis is your last free article this month

Stay ahead with our exclusives on Asia;
the most dynamic market in the world.

Stay ahead with our exclusives on Asia

Get trusted insights from experts within Asia itself.

Get trusted insights from experts
within Asia itself.

Try 1 month for $0.99

You have {{numberArticlesLeft}} free article{{numberArticlesLeft-plural}} left this month

This is your last free article this month

Stay ahead with our exclusives on Asia; the most
dynamic market in the world
.

Get trusted insights from experts
within Asia itself.

Try 3 months for $9

Offer ends July 31st

Your trial period has expired

You need a subscription to...

  • Read all stories with unlimited access
  • Use our mobile and tablet apps
See all offers and subscribe

Your full access to the Nikkei Asian Review has expired

You need a subscription to:

  • Read all stories with unlimited access
  • Use our mobile and tablet apps
See all offers
NAR on print phone, device, and tablet media