Connect with us

Hi, what are you looking for?



Rapid7: Japan Threat Landscape Takes on Global Significance

Rapid7 analyzes the Japan threat landscape and warns that attacks against the third-largest economy in the world have global consequences.

Japan is the world’s third largest economy. It attracts both criminal and nation-state cyberattacks. The effects of these attacks can be felt on a global scale.

The primary cause of cyberattacks against Japanese computer systems are the strength and quality of its manufacturing base. The size of Japanese manufacturers makes them an attractive target for criminal extortion. The quality of Japanese products makes the manufacturers’ IP an attractive target for nation-state attackers seeking to improve their own knowledge and economy.

The nature and effect of the attacks turns attacks against Japan into global events – as explained in a Rapid7 report (PDF) titled Japan and Its Global Business Footprint.

The geographical and geopolitical position of Japan places it adjacent and opposed to three of the world’s four greatest wielders of state-affiliated cyberattacks: to the east of China, the south of Russia, and close to North Korea. China and Russia have a history of using cyberespionage to steal IP for their own military or economic use. North Korea is more concerned with stealing money to support its government against global sanctions, but has been known to use ransomware to these ends. For both money and IP, Japan is an attractive target.

Geopolitically, Japan is part of the western coalition, and has its own problems with Russia in the territorial dispute over the Kuril Islands. Its support for Ukraine against Russia likely increases any geopolitical tensions with Russia, but there is relatively little evidence of direct Russian geopolitical retribution against Japan. 

Two possibilities noted by Rapid7 include the Killnet DDoS attacks against the websites of Japanese government organizations and private sector companies in September 2022 (The Japan Times), and the earlier ransomware attack against Toyota in February 2022. The ransomware attack followed the Russian ambassador’s warning to Japan not to support western sanctions over Ukraine, and has led to suspicion (not proof) that there may have been Russian state involvement.

Outside of geopolitics, it is the nature and importance of globalism and the global supply chain that gives attacks against Japan their global relevance. Japanese manufacturers have many subsidiaries outside of Japan. Smaller subsidiaries are likely to be less well-defended than their parent companies and can be used as the entry route taken by attackers.

Advertisement. Scroll to continue reading.

The report notes two further reasons that make this non-Japan route attractive or open to attackers (both criminal and nation state). The first is language. Japanese is widely spoken in Japan, but almost nowhere else, where English is the global business language. For foreign attackers, it is easier to compose a compelling phishing email in English than it is in Japanese. 

“Generally speaking,” Paul Prudhomme, principal security analyst at Rapid7 (and author of the report) told SecurityWeek, “if you speak English, it is easier to send somebody a phishing email or some sort of other social engineering attack.” Foreign subsidiaries or suppliers are consequently a route used to attack Japanese firms. “If you’re a US or UK subsidiary of a Japanese company, you could be at higher risk simply by virtue of the fact that you speak English, which makes you easier to phish.”

The second is the nature of globalism and foreign acquisitions. “If the overseas subsidiary was an acquisition,” he continued, “perhaps that acquisition came with existing compromises or some sort of existing security issue. This is also a key vulnerability.”

Nation state attackers generally avoid causing damage – their primary intent is to steal information, often as quietly as possible. Criminals operate differently. Their purpose is to extort money by whatever means – and ransomware is the favored weapon. In extortion attacks that include encryption of both IT and OT, the purpose is to halt, and ransom, the manufacturing process.

Japanese manufacturers are particularly susceptible to this through the common use of ‘just in time manufacturing’. This is considered an efficient business process – supplies are not accrued and kept in storage until use, but rather are delivered directly to the production line. This releases funds otherwise tied up in stored stock warehouses.

The downside, however, is that there are no stock reserves. This leaves the firm particularly vulnerable to business disruption attacks – the effect is felt immediately. But this is just the beginning. If the manufacturer cannot produce new parts, they cannot be shipped to customers, and those customers may be located anywhere in the world.

The criminals are gambling that the speed of wide scale negative effects from a disruption attack against Japanese manufacturing will facilitate their extortion attempts.

It is the size of the Japanese economy that makes Japan an attractive target for cyberattacks, but it is globalism that makes the effects of those attacks a global issue. The attackers may be nation state actors or outright criminals. They will commonly attack through non-Japanese affiliates or subsidiaries, but the effect of the attacks will reach beyond Japan through exported Japanese manufacturing parts.

The biggest single take-away from Rapid7’s report is that regardless of your organization’s location, if you do business with Japan, you need to consider the ramifications of Japan’s global business footprint and the cybersecurity posture of your Japanese partner or parent. “I cannot emphasize this enough,” said Prudhomme. “With these large and well-known Japanese brands, the attackers will often go after the overseas subsidiaries or affiliates, and then use the initial footholds to move laterally into the parent company in Japan.”

Related: Toyota: Data on 2 Million Vehicles at Risk in Decade-Long Breach

Related: Chinese Cyberspies Targeted Japanese Political Entities

Related: Japanese Gaming Company Confirms Cyberattack

Related: Hackers Steal $97 Million from Japanese Crypto-Exchange

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


On the first anniversary of Russia’s invasion of Ukraine, cybersecurity companies summarize the cyber operations they have seen and their impact.


Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.