TOKYO -- In the past, the language barrier helped prevent overseas criminals from targeting Japan's banks via cyberspace, but recently the number of fake emails written in fluent Japanese has increased dramatically, and they now focus on poorly prepared small and medium-sized institutions. Alarmed by the volume of attacks, the financial services sector is ramping up security measures.
Preparing for the worst
On Nov. 24, information security employees from about 50 financial institutions across Japan gathered at a hotel in Tokyo to take part in a training workshop. Participants were tasked with protecting a fictitious bank from organized cybercriminal groups.
"We must immediately freeze bank accounts," one said.
"The website needs to be shut down," said another.
Technicians were up all night determining the cause of the computer system failure. Meanwhile, other workers were busy reporting the attack to senior executives and government regulators. It was one of the most extensive sessions ever held in Japan simulating a cyberattack on a bank, reportedly taking six months to set up.
The workshop was organized by Financials ISAC Japan, which aims to promote the sharing of information and technology among members to protect critical systems and assets from cyberthreats. More than 260 financial institutions are members, from megabanks to regional banks. Because trust is essential in banking, cyberattacks can cause substantial damage to an institution's reputation.
In recent years, smaller financial institutions have increasingly been targeted by cybercriminals. According to the National Police Agency, in 2015 the amount of money illegally transferred via the internet to dummy accounts surpassed 3 billion yen ($26.3 million). Most of these attacks targeted small and medium-sized banks, such as regional banks and credit associations. Security software giant Trend Micro said 46% of the viruses used to steal money in the first six months of the year took aim at regional banks.
Breaking the language barrier
Cyberattacks have become more sophisticated and harder to detect. The so-called targeted email attack is a type of cyberattack in which emails with attached files are sent to specific companies and individuals by attackers who pretend to be someone else. When the target opens the files, his or her computer becomes infected with a virus embedded in them.
The method has become more popular in part because of the improved language skills of attackers. In the past, attacks perpetrated in the U.S. and Europe were seen in Japan two or three years later. But, according to Japanese financial regulators, criminals are now launching attacks almost simultaneously in Japan and the West.
In October, U.S. internet infrastructure company Dyn fell victim to a massive cyberattack that used malware to infect hundreds of thousands of internet-connected devices such as security cameras and consumer electronics. "Japan could be subjected to such a large-scale attack anytime," warned Keisuke Kamata, a board member at Financials ISAC Japan.
Financial services agencies involved in fintech are increasingly haunted by cyberthreats. For example, in addition to the institutions themselves, many startups are involved. They have access to customer information and need to protect such data.
Financial companies must change their mentality toward security and build an industrywide defense framework. Last year the Financial Services Agency conducted a survey to grasp the current cybersecurity situation. A senior official at the agency's cyberspace measures planning office noted that management's deep commitment to bolstering security measures can help raise awareness among employees. Because banks, especially small ones, are lagging behind in installing defense systems, management needs to implement security policies, including budget allocation, to protect themselves.
Noboru Nakatani, executive director of the Interpol Global Complex for Innovation in Singapore, said: "Cybercriminals use hidden or invisible parts of the web, called the darknet, where lots of information about computer viruses and hacking are exchanged. Even if we find where a server is located, we often face difficulty arresting criminals in emerging countries because legal systems remain underdeveloped."