In the latest in a string of high-profile data breaches, Mitsubishi Heavy Industries has confirmed that it has been the victim of a cyber-attack. The company is just now reporting the attack, which occurred in mid-August. Investigations are ongoing.
Mitsubishi Heavy Industries is a defense contractor that provides transportation, warships, missiles, nuclear plants, infrastructure and other products. The Japanese government is a major client.
Public reports indicate that 80 computers and servers were compromised and infected with a virus. Perhaps ironically, Japan's government last week released a white paper that urged defense companies to remain vigilant against cyber attacks in the wake of breaches at the likes of Lockheed Martin, according to a report in the Economic Times.
Japan Under Attack
Yomiuri, a newspaper in Japan, said the infected computers were at Mitsubishi's headquarters in Tokyo as well as satellite locations. At least eight kinds of computer viruses were used in the attacks on Japan's largest defense contractor.
"It's probably just the first report that hacking attacks in Japan have been detected. It's consistent with what we've seen already with big American defense companies," Andrew Davies, a cyber-warfare analyst at the Australian Strategic Policy Institute, told Reuters.
"The Japanese make large conventional submarines that are among the world's most sophisticated... (they) have very nicely integrated solutions with their own mechanical, electronic and control systems, so it's a pretty attractive hacking proposition, to get the design of a Japanese submarine."
Poor Perimeter Security?
With over 80 computers compromised, the Mitsubishi Heavy Industries attacks show that once compromised, the internal network can become a playground for sophisticated attackers, according to Adam Powers, chief technology officer at Lancope.
Many organizations place the bulk of their cyber-defense technology at the perimeter of the network, Powers said. Unfortunately, he added, once the attackers breach the perimeter defenses it's easy to compromise additional unprotected resources behind the outer wall.
"Once the attackers have a persistent foothold within the network, detection and remediation can become very difficult," Powers said. "Given the scope of the attack on Mitsubishi Heavy Industries, it may be months before all of the breached resources are discovered."
Although it is not clear if Mitsubishi Heavy Industries had faults in its perimeter security, Powers said, one truth is clear: Mitsubishi and other large enterprises with highly sensitive resources must improve their ability to monitor the interior of the network.
"Organizations must realize that the internal network cannot be trusted. A 'zero-trust' model for segregating and monitoring sensitive resources must be adopted," Powers said.
"Zero-trust assumes that an attack can come from anywhere, both inside and outside the network. It calls for the security of all resources, even those that are within the 'safe' internal network of the enterprise. It's apparent that Mitsubishi Heavy Industries had placed too much confidence in their perimeter security, ignoring the soft and chewy center of their network."