Japanese government targeted by SaaS cyberattacks
In 1998, the Japanese multinational Fujitsu developed an information and project management platform called ProjectWEB. Given the company's huge presence across the country, this SaaS tool has ended up being used by many Japanese organizations across public and private sectors.
A few weeks ago, Fujitsu and Japan's National Center for Incident Readiness and Strategy for Cybersecurity (NISC) reported that ProjectWEB had suffered a cyberattack during which confidential data had been leaked. These data included files that government officials upload to the platform, and it was confirmed that institutions such as the Ministry of Infrastructure and Transport, the Cabinet Office and Narita Airport had been affected. The hack was so serious that the local Japanese press reported that 76,000 emails were compromised, and Fujitsu was forced to shut down the platform temporarily.
Tokyo Olympics
Some cybersecurity analysts believe that this incident is part of a hacking campaign against Japan in the run-up to the Tokyo Olympics. As it was a data theft for which no ransomware has been demanded, this suggests it may have come from threat actors linked to foreign powers, with the aim of stealing sensitive information from the Japanese government or about its critical infrastructure.
In fact, there have been other recent precedents in Japan: back in April hackers succeeded in stealing confidential files from government systems using the file-sharing network FileZen, from the Japanese firm Soliton, as an entry vector. The cyber attackers exploited two vulnerabilities in the software to gain access to networks that were not protected by a firewall.
Firewalls and Unified Threat Management
Both of these incidents are reminiscent of Sunburst, the large-scale cyberattack in the US that used Solarwinds’ corporate network management software and affected corporations such as Microsoft, Intel, Cisco or SAP, as we explained previously in the blog.
These attacks show that MSPs must implement tighter cybersecurity measures in the organizations' networks, especially if they manage large companies that have critical infrastructures or bodies attached to public administrations.
A critical first step is to ensure that all third-party software and platforms used have the latest updates installed. This significantly reduces the chances that they can be used as an entry vector by exploiting potential vulnerabilities.
However, this step alone is not enough: cyberattacks are becoming increasingly sophisticated and can employ other, more advanced tactics to compromise corporate networks, especially if they come from state-linked groups, which often have highly trained personnel and vast resources. That's why they need advanced firewalls to provide comprehensive security for their networks.
In this regard, WatchGuard Firebox firewalls provide high-performance Unified Threat Management (UTM) through desktop, rack and extreme-conditions Firebox appliances. Moreover, these firewalls are very easy to manage from the cloud and provide full visibility across the network through WatchGuard Cloud.
WatchGuard also supplies other options that allow administrators to extend their security perimeter towards the cloud and protect servers running in public cloud environments, such as WatchGuard Firebox Cloud.
Thanks to these solutions, the risk of threats to corporate networks and other platforms, such as the cyberattacks that have occurred in Japan, can be reduced enormously.