It wasn’t that long ago, the famous Japanese company Fujitsu got hit by a cyber attack. A week ago, it was reported that “threat actors have stolen files from several official government agencies of Japan by hacking into Fujitsu’s software-as-a-service (SaaS) platform and gaining access to its systems”. The attack proved to be detrimental that the company had to disable the ProjectWEB interface temporarily. It was later understood that the attack had a tremendous impact over various sectors including Ministry of Land, Infrastructure, Transport and Tourism, the Cabinet Secretariat and finally Narita Airport. Recorded future (US-based firm) also reported amongst these attacks some others may have been impacted as well. Now after Fujitsu, the company Fujifilm gets attacked by a ransomware. The multinational conglomerate has been forced to shut down parts of its global network after falling victim to a suspected ransomware attack. The company, which is best known for its digital imaging products but also produces high-tech medical kit, including devices for rapid processing of COVID-19 tests, confirmed that its Tokyo headquarters was hit by a cyberattack on Tuesday evening.
According to Cabinet Cyber Security Centre the intrusion was experienced by Fujitsu on May 24th post which the ProjectWEB interface was shutdown. The press had also reported that the stolen documents might have contained close to 76,000 email addresses of working officials across various sectors though the report is yet to be officially confirmed. [Reference]. Threat post had also described that the data on air traffic control was nabbed from the Narita Airport, which serves Tokyo, according to a separate report by Japanese public broadcaster NHK. Authorities have not disclosed any knowledge of who was behind the attacks nor what their motives may have been. The attack is the second digital episode the public authority of Japan has endured in a month. In late April, threat actors utilized two vulnerabilities (FileZen) in a mainstream document sharing worker from Japan-based Solito to penetrate corporate and government frameworks and take sensitive information as a feature of a worldwide hacking effort that influenced the Japan Prime Minister’s Cabinet Office. [Reference]
While Fujifilm is keeping tight-lipped on further details, such as the identity of the ransomware used in the attack, Bleeping Computer reports that the company’s servers have been infected by Qbot. Advanced Intel CEO Vitali Kremez told the publication that the company’s systems were hit by the 13-year-old Trojan, typically initiated by phishing, last month. The creators of Qbot, also known as QakBot or QuakBot, have a long history of partnering with ransomware operators. It previously worked with the ProLock and Egregor ransomware gangs, but is currently said to be linked with the notorious REvil group. “Initial forensic analysis suggests that the ransomware attack on Fujifilm started with a Qbot trojan infection last month, which gave hackers a foothold in the company’s systems with which to deliver the secondary ransomware payload,” Ray Walsh, digital privacy expert at ProPrivacy, told TechCrunch. “Most recently, the Qbot trojan has been actively exploited by the REvil hacking collective, and it seems highly plausible that the Russian-based hackers are behind this cyberattack.” [Reference]
Furthermore, JBS the famous meat packing plant was hit by a ransomware and FBI reports claim that the attack was done by the REvil group. In a statement late Wednesday, the FBI attributed the attack on Brazil-based meat processor JBS SA to REvil, a Russian-speaking gang that has made some of the largest ransomware demands on record in recent months. The FBI said it will work to bring the group to justice and it urged anyone who is the victim of a cyberattack to contact the bureau immediately. REvil has not posted anything related to the hack on its dark web site. But that’s not unusual. Ransomware syndicates as a rule don’t post about attacks when they are in initial negotiations with victims — or if the victims have paid a ransom. In October, a REvil representative who goes by the handle “UNKN” said in an interview published online that the agriculture sector would now be a main target for the syndicate. REvil also threatened to auction off sensitive stolen data from victims who refused to pay it. [Reference]
After looking at these attacks, every cybersecurity professional is intrigued to understand if there is a way out of the miseries caused by ransomware and a strong pillar of support in terms of defending such ransomware attacks. Every infrastructure across the globe is at risk with this threat landscape and it is going to continue to worsen with time to come. Half the year down, more than billions of losses incurred as a result of ransomware attacks . Since it is extremely unlikely to totally secure your organization against these attacks, one ought to receive a ‘protection inside and out’ aka defense-in-depth approach. This implies utilizing layers of safeguard with a few alleviation at each layer. One will have more freedom to identify these threats and afterward stop it before it makes genuine damage your association. You ought to accept that some ransomware will invade your organization, so you can find ways to restrict the effect this would cause, and accelerate your protection.
Article by Kaushik Sundararajan
I am a security professional specializing in network security. With vivid experience in different industries, I am looking to explore the current cyberspace and discuss the ideology of certain ideas from a different perspective.