DDoS Cyberattacks Becoming More Sophisticated, Larger in Scale; Damages Used to be Minor, But Now Damages Can Be Significant

Japan Airlines Co. aircraft are seen at Haneda Airport after a cyberattack in December.
7:00 JST, February 5, 2025
An ongoing series of cyberattacks on companies in Japan since the end of last year are found to have been carried out by exploiting the flaws in the firms’ countermeasures, a method rarely confirmed in the country.
These types of cyberattacks paralyze communication functions by sending massive amounts of data.
The issue of strengthening measures against distributed denial of service (DDoS) attacks, which became more sophisticated and larger in scale, has become a matter of urgency.
Carpet-bomb attack
“Compared to past ones, the attack was larger in scale,” said an official of a company that experienced temporary system failures because of a DDoS attack at the end of last year.
The official said it was a “carpet-bomb attack,” a type of DDoS attack that targets a wide range of in-house servers and network equipment.
According to a person familiar with cyber security, many of the companies hit by the carpet-bomb attack had installed a content delivery network (CDN) system recommended by the National Police Agency and the National Center of Incident Readiness and Strategy for Cybersecurity in preparation for DDoS attacks. The system allows large amounts of data to be processed across multiple servers, reducing the load on a single server.
However, it is difficult to apply the CDN system to all in-house servers due to cost and confidentiality, so it is only used on some servers.
For this reason, many of the servers that were not protected by the system at the affected companies were hit by the DDoS attacks.
“We have taken all the basic countermeasures, but we are not sure if we can prevent a carpet-bomb attack,” said a security official of a financial institution that has not been hit by an attack.
Evolution of attacks

The number of DDoS attacks began to increase in the first half of the 2000s.
Initially, the attacks were mainly carried out by individuals wanting to show off their cyberattacking ability or to harass others. However, in the second half of the 2000s, the attacks became more organized and included attacks over money or politics.
Regarding the latest series of attacks, no criminal statement or ransom in exchange for restoring the system has been confirmed, according to the informed person. Those involved in cyber security said the attacks may have been carried out as military exercises by a state or as a way to show off the capabilities of an attacker.
Atsuo Inomata, a professor of information security at Osaka University, said it proved to be significant for the attackers as they were able to show off their capabilities by hitting important Japanese systems.
“Damages caused by DDoS attacks used to be somehow regarded as minor and not as serious, but the recent series of attacks showed that the damages also can be significant,” Inomata said.
Bigger attacks
According to the Tokyo-based security company Mitsui Bussan Secure Directions, Inc., the scale of DDoS attacks in terms of data volume, among others, has become several dozen times larger over the past 10 years.
They have become more sophisticated and larger in scale, like carpet-bomb attacks.
Seishi Sato, the company’s senior consultant, said the attacks are “no longer at a level at which individuals and companies can deal with on their own.”
The government plans to soon adopt a bill to introduce an active cyber defense system to prevent cyberattacks on infrastructure at a Cabinet meeting and submit it during the ordinary Diet session.
In the envisioned system, if any signs of a cyberattack are detected, the authorities would be allowed to enter the attacker’s server and neutralize the threat.
Companies are required to strengthen their measures against cyberattacks.
Prof. Tetsutaro Uehara of Ritsumeikan University, who specializes in information security, said, “Measures to restrict communications from abroad should be considered in the service sectors of critical infrastructure that is only used by people in Japan.”
Uehara said so in light of the fact the recent series of attacks were made via IoT (Internet of Things) devices overseas.
"Politics" POPULAR ARTICLE
-
Ishiba Pledges to Boost Japan’s Investment in U.S. to $1 Trillion; Trump Says Meeting with Nippon Steel Execs Scheduled
-
Farm Ministry Eases Rules for Release of Stockpiled Rice; Govt Criticized for Slow Response to Soaring Prices
-
Noda Questions Ishiba on Corporate Donations, Surname System; Disclosure Not Prohibition, PM says
-
Japan Intends to Boost Defense Capabilities on Yonaguni Island; Area Set to Deploy Ballistic Missile Countermeasures
-
Ishiba, Trump Keep it Friendly at White House Press Conference; Development of Close Relationship Between 2 Leaders Might Take Time
JN ACCESS RANKING