TM-RE News Issue No. 27 | November 2022
There is no doubt that information systems are now essential resources for the lives of individuals and for the activities of governments and companies. On the other hand, cyber-attacks aimed at disrupting or destroying information systems or stealing information from them are on the increase worldwide, and the attacks are becoming more large-scale and diverse, making them a serious risk for both governments and businesses. Furthermore, in recent years, cyber-attacks via supply chains and cyber-attacks targeting overseas subsidiaries, whose countermeasures are considered to be weaker than those of the head offices, have been increasing, requiring a wider range of responses from each organization.

This article provides an overview of cyber-attack risks, which are considered relatively difficult to understand for those outside the information systems sector, and introduces the characteristics of incidents that have occurred in recent years and the responses required from each organization.
Rank | 2022 | 2012
1st | Damage caused by ransomware | Targeted attack
2nd | Theft of confidential information by targeted attacks | Business suspension due to disaster
3rd | Attacks exploited weaknesses in the supply chain | Attacks by common thought groups
4th | Attacks aimed at new-normal working style such as Work From Home | Attacks targeting client software that has forgotten to update
5th | Information leakage due to internal fraud | Attacks targeting websites
6th | Increased exploitation following the release of vulnerability countermeasure information | Attacks targeting smartphones and tablets
7th | Attacks targeting before the release of a corrected program (zero-day attacks) | Unexpected pitfalls in electronic certificates
8th | Financial damage caused by business email fraud | Internal crimes and information leaks
9th | Business suspension due to unforeseen IT infrastructure failures | Reuse of accounts
10th | Damage caused by carelessness information leaks, etc. | Improper handling of user information.

[Actual Case 1]
In 2020, a major Japanese video game manufacturer, Company A, received unauthorized access from a third party, resulting in the spread of ransomware infection within the company's internal network. The cybercrime group “Ragnar Locker” stole confidential information, including personal data of customers/employees/applicants for employment and secrets of marketing, encrypted the data and demanded USD 11 million in Bitcoins (equivalent to JPY 1.15 billion in value at the time) as a ransom in exchange for the decryption and deletion of the stolen data.

As the company refused to pay, the attackers disclosed at least 100 gigabytes of the stolen data on the internet on three separate occasions. As a result, the company suffered a major information leakage incident.

[Figure: Conventional ransomware: encryption of data & systems. Recent ransomware: encryption of data & systems, and disclosure of confidential information.]
[Figure: Level of Countermeasures, from Low to High]

4) Attackers targeting vulnerabilities in telework environments
With the global spread of novel coronavirus infections, “Work From Home (WFH)”, the use of ICT (Information and Communication Technology) to work away from the office, has become widespread around the world. Opportunities to access company systems from home via VPNs (virtual private networks) and to hold meetings with their own or other organizations using web conferencing services have increased. However, the use of personal computers and home networks and the hasty introduction of first-time software without adequate preparation have made the work environment vulnerable. This led to an increase in incidents such as unauthorized access to internal systems, peeping into web conferencing and PCs for WFH being infected by viruses.

■ Common Countermeasures
Common countermeasures against cyber-attacks are similar to general information security measures. They can be broadly divided into countermeasures against human errors and mechanical errors.

❑ Countermeasures against human errors
This includes regular education and training of information system users to prevent them from opening suspicious emails. For this purpose, it is effective to educate them on which sites they should not access and how to identify suspicious emails they should not open files from. It is also necessary to inform them that they must voluntarily report to the information systems department, etc., in the event that they do access or open an infected file.

There are two types of training: training for individuals and training for the organization as a whole. For individuals, the training is called “phishing email training”, in which dummy suspicious emails are sent to each employee, and if they open the file, they are instructed that “you have accidentally opened a targeted email...”.
© Tokio Marine Asia Pte. Ltd. All Rights Reserved
Organizations are required to be trained in procedures for responding to incidents such as information leaks (detection and reporting, decisions on setting up task forces, whether forensics should be carried out or not, public relations responses, etc.).

[Example] Suspicious emails used in targeted email training

Subject: Virus infection detected
From: “Information Security” <isecalert325@gmail.com>   ➢ Free email account

For users of terminal number PX215456D   ➢ Fictitious ID

A virus infection has been detected on a PC used by you in our terminal monitoring system.
There is still a risk that personal and confidential information may have leaked.
In order to prevent the damage from spreading, please take immediate action according to the linked procedure.

❑ Countermeasures against attacks that exploit supply chain weaknesses
It is effective to establish an information sharing system among supply chains. Firstly, identify organizations that share the same information systems so that the impact of an incident can be quickly ascertained in the event of the incident. Moreover, if software used by other organizations or linked to their information systems becomes infected with a virus or receives unauthorized access, a system should be established to promptly share this information with all organizations using the software.

❑ Countermeasures against attacks targeting vulnerabilities in remote work environments
It is effective to establish an information sharing system between supply chains. Identify organizations that share the same information systems so that the impact of an incident can be quickly ascertained when it occurs.
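
The two indicators annotated on the training email above (free email account, fictitious ID) can also be checked mechanically at the mail gateway or in a reporting mailbox. The following is an added example, not part of the original newsletter; the webmail list, the organization domain example.co.jp, the terminal inventory and the terminal ID pattern are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch (not from the newsletter): webmail list,
# the organization's own domain, asset inventory and terminal ID format.
FREE_MAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
ORG_DOMAIN = "example.co.jp"
KNOWN_TERMINALS = {"PX100001A", "PX100002B"}  # constructed inventory
INTERNAL_ROLE_WORDS = ("security", "helpdesk", "it support", "administrator")
TERMINAL_ID = re.compile(r"\bPX\d{6}[A-Z]\b")

# Constructed message reproducing the training email quoted above.
SAMPLE = """\
From: "Information Security" <isecalert325@gmail.com>
To: user@example.co.jp
Subject: Virus infection detected

For users of terminal number PX215456D

A virus infection has been detected on a PC used by you in our terminal
monitoring system. In order to prevent the damage from spreading, please
take immediate action according to the linked procedure.
"""

def triage(raw: str) -> list[str]:
    """Return the indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    findings = []
    # Indicator 1: sender uses a free email account.
    if domain in FREE_MAIL_DOMAINS:
        findings.append("free-email-sender")
    # A display name that sounds like an internal department but is not
    # sent from the organization's own domain.
    if domain != ORG_DOMAIN and any(w in display.lower() for w in INTERNAL_ROLE_WORDS):
        findings.append("internal-role-from-external-domain")
    # Indicator 2: terminal ID that does not exist in the asset inventory.
    unknown = [t for t in TERMINAL_ID.findall(body) if t not in KNOWN_TERMINALS]
    if unknown:
        findings.append("unknown-terminal-id:" + ",".join(unknown))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
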
Disclaimer: The information, suggestions, and recommendations contained herein are for general informational purposes only.
This information has been compiled from sources believed to be reliable. No warranty, guarantee, or representation, either
expressed or implied, is made as to the correctness or sufficiency of any representation contained herein.
Writer: Mr. Kenji Aoshima, General Head Consultant, Risk Management Dept., Tokio Marine dR Co., Ltd.