Cybercriminals Zero In on Japan's Manufacturing Sector
One-Third of Ransomware Attacks Aimed at Manufacturers, Overseas Affiliates
Japan's $1 trillion manufacturing industry is a prime target for ransomware and state-sponsored threats. Over the past year, nearly one-third of all ransomware victims have come from the automotive and general manufacturing sectors, according to threat intelligence company Rapid7.
The manufacturing and automotive sectors account for a major segment of the country's economy, making them a prime target, threat intelligence company Rapid7 said in a report.
Automotive manufacturers Toyota, Honda and Nissan, which have a significant international presence, have been victims of cyberattacks at their overseas manufacturing facilities, subsidiaries and affiliates. Cybercriminals have successfully moved laterally through networks or compromised credentials to target the parent network, Rapid7 said.
Malicious actors in recent years have moved through a series of intermediary steps to achieve their objectives. "This includes indirectly targeting the intended victim organization via the more vulnerable locations to undermine the parent company's cyber defenses and gain access to their network," said Rob Dooley, vice president of the APJ region for Rapid7.
Ransomware gangs have been so successful because automotive and manufacturing organizations have a lower tolerance for disruptions and downtime, according to Paul Prudhomme, the company's principal security analyst.
Prudhomme said overseas subsidiaries and affiliates make good targets for two reasons: They may have weaker security oversight and less coordination with the parent company, and cybercriminals may find it easier to target entities with social engineering attacks if they speak English or other non-Japanese languages.
Japan's National Police Agency said almost one-third of ransomware attacks in the first half of 2022 targeted manufacturing companies. Cyberattacks in the Asia-Pacific region have increased since Russia's invasion of Ukraine in February 2022, according to IBM's X-Force Threat Intelligence Index 2023 report, which found that 48% of attacks had targeted the manufacturing sector.
While IBM said it had seen a significant rise in Emotet activity targeting Japanese companies, Rapid7 said LockBit 3.0 ransomware operators also increased attacks on Japanese companies, particularly manufacturers, in late 2022 and early 2023.
Rapid7 said Japan faces disproportionate state-sponsored attacks compared to other countries in the region. Russia-linked cybercrime and hacktivist groups such as KillNet and LockBit 3.0 have increased their focus on Japan after the country declared its support of Ukraine after Russia's invasion. Meanwhile, China-linked actors such as APT10-linked Bronze Riverside and Bronze Starlight have targeted China-based subsidiaries of Japanese manufacturers to gain access to intellectual property.
"IP theft is a common goal of Chinese cyberespionage groups. Japan is a significant target for such IP theft both as a regional economic competitor of China and also as the potential source of a large amount of valuable IP in key industries, such as manufacturing, automotive, and technology," Rapid7 said.
Rapid7 also observed Chinese cyberespionage actors such as LuoYu, Tick and BlackTech targeting the Japanese government and other sectors for political, diplomatic and military reasons. The cyberespionage group MirrorFace in July 2022 targeted members of a Japanese political party with spear-phishing emails on the eve of a Japanese House of Councillors election.
More recently, a Chinese APT group targeted foreign government officials who attended a G7 summit in Hiroshima, Japan, in May, using phishing attacks and exploiting a 17-year-old Microsoft Office vulnerability, according to security firm SentinelOne (see: Chinese Hackers Targeted G7 Summit Through MS Office Flaw).