Global cyberattack is a warning for 'internet of things'
Low-security connected devices, rise of bitcoin enable spread of ransomware
TOKYO -- The current global cyberattack targets weaknesses endemic to modern information technology, exploiting security flaws in web-connected devices and the anonymity of the virtual currency bitcoin.
Chief Cabinet Secretary Yoshihide Suga told reporters Monday afternoon he had been told of a number of victims in the country. As of Saturday morning, roughly 2,000 terminals at some 600 Japanese IP addresses had been hit, said a private cybersecurity group, the Japan Computer Emergency Response Team Coordination Center. The damage was expected to spread Monday as the workweek resumed.
One computer was affected at water and sewer services in the city of Kawasaki, Kanagawa Prefecture. A Hitachi group company's appliance-ordering system was halted, preventing transactions with volume retailers, and workers were still trying to bring the system back online as of Monday night.
Elsewhere, attacks on infrastructure and production centers also stood out. A U.K. plant belonging to Japan's Nissan Motor suffered an attack, as did French automaker Renault, which halted work at several plants. British hospitals were forced to call off some procedures due to the strike, and the Spanish telecom Telefonica was hit as well. German railways suffered attacks on electronic arrivals and departures boards, as well as ticket machines.
It was no coincidence that companies and municipalities handling critical infrastructure were hit so heavily. The attackers apparently chose targets that would suffer greatly if they did not recover their data quickly, says analyst Toshio Nawa of Japan's Cyber Defense Institute. Such bodies, he says, are easy to extort because they cannot afford for operations to halt.
The use in infrastructure of connected devices, part of the internet of things, made room for the attack. Rail ticket machines and factory production equipment, for example, are now online and therefore vulnerable.
Production control devices and other equipment are made to match the systems they are used with, so it can be difficult to update them. The attackers targeted systems that still run outdated operating systems such as Microsoft's Windows XP. Lately, more users have been unable to apply the latest security updates because of issues such as software incompatibility, which is something of an alarm bell for the internet of things, says Hiroki Takakura, a professor at the National Institute of Informatics.
This cyberattack came in the form of so-called ransomware, which encrypts users' data, rendering it inaccessible, then displays a message demanding payment in order to restore it. Many of those affected in the past have reportedly paid up.
Ransomware has existed since the 1990s, but became more prevalent last year, spurred by the spread of bitcoin. That virtual currency can be bought with a credit card via a computer program and easily sent digitally. No financial institutions are involved in the transaction, so users are harder to pin down, giving hackers reason to expect they will escape capture.
The attack landed in Europe on Friday afternoon, suggesting it could have been planned to take advantage of the weekend, when it would be harder to respond. Attackers may have counted on victims being impatient to solve the problem that day, said Nawa of the Cyber Defense Institute.
Online banks and credit companies have stepped up their guard against conventional cyberattacks, limiting their utility. But the current wave of attacks is using hacking tools from the U.S. National Security Agency, which were published online for anyone to use by a hacking group calling itself the Shadow Brokers. Some fear further attacks from other groups will follow.