Cyberattacks Target Critical Infrastructure in Japan; Risk Management Procedures by Companies Questioned

By Hirofumi Morita and Kentaro Otsuka / Yomiuri Shimbun Staff Writers

15:18 JST, December 27, 2024

A pair of cyberattacks on Thursday targeted critical infrastructure in Japan.

Japan Airlines Co. and MUFG Bank Ltd. both suffered system failures due to suspected distributed denial of service (DDoS) attacks, where communication functions are paralyzed by being flooded with a massive amount of data. Other attacks targeting domestic infrastructure facilities have been reported nationwide in recent years.

DDoS attacks

According to investigators, after the failure occurred, JAL consulted the Metropolitan Police Department about a DDoS attack. This type of attack is often conducted by hacktivists, groups of hackers who seek to draw attention to their political views.

After the JAL incident, trouble also hit MUFG Bank. From around 3 p.m. on Thursday, logging in to its internet banking service became unstable.

International investigation

In recent years, a succession of cyberattacks targeting critical infrastructure has occurred nationwide.

In October 2021, 40 computers were infected with ransomware at municipal Handa Hospital in Tsurugi, Tokushima Prefecture, causing the electronic medical records of about 85,000 patients to become inaccessible. The care the hospital provided was affected for about two months.

Nagoya Port, which boasts the nation’s largest trade value, was also targeted in July 2023.

A ransomware attack on its container management system caused operations at its container terminal to be halted for three days.

These attacks were carried out by overseas hacker groups. Police authorities in Japan and overseas worked together to investigate.

Investigative authorities from Japan, the United States, Australia, Europe and elsewhere announced in February that they arrested key members of the international hacker group LockBit, the suspect behind the Handa Hospital and Nagoya Port attacks. The authorities also said they had closed related cryptocurrency accounts and servers.

Risk management

Deficiencies on the part of companies have been pointed out.

“Hackers must first identify the IP address of the target device before carrying out a DDoS attack,” Nobuo Miwa, president of Tokyo-based information security firm S&J Corp., said. “Investigations into the causes must be made quickly, such as whether companies were enforcing strict risk management procedures, to prevent a reoccurrence.”

---

---