Major cyberattack on Mitsubishi involving nuclear power plant data

Japanese authorities are investigating a major cyberattack against Mitsubishi Heavy Industries that may have involved nuclear plant data

According to the Asahi newswire, sensitive information concerning vital defense equipment – such as fighter jets, as well as nuclear power plant design and safety plans – was accessed, almost certainly by an outsider to the company.

This is the first time, says the newswire, that sources have acknowledged that defense and nuclear plant information may have leaked from Mitsubishi Heavy's computers due to a computer virus, despite the company saying it had taken appropriate safeguard measures.

“The computers were found to have been hacked in August, and 83 computers were found to have been infected with a virus. Those computers were spread out over 11 locations, including the Kobe and Nagasaki shipyards that construct submarines and destroyers as well as the Nagoya facility that is in charge of manufacturing a guided missile system”, adds the newswire.

The newswire goes on to say that its sources suggest that a further investigation into dozens of computers at other locations found evidence that information about defense equipment and nuclear power plants had been transmitted from those computers to outside the company.

According to the Softpedia newswire, meanwhile, the recent Mitsubishi attack was heavily analyzed by the media and by specialists, but it now turns out that the damage is far more severe than originally estimated, with multiple computers in various locations infected with a virus that allowed a cybercriminal to steal classified data from locations such as the Kobe and Nagasaki shipyards, which are responsible for building destroyers and submarines.

Fortunately, added the newswire, Mitsubishi Heavy was obligated by the ministry to deploy strict protection policies that may have secured the highly classified data, but so far it's unknown exactly how many things ended up in the wrong hands.

Commenting on the reports, Ross Brewer, managing director of audit and logging specialist LogRhythm, said that, as cyberattacks have become more sophisticated – and their perpetrators more organized – firms holding data on critical national infrastructure are finding themselves increasingly targeted.

“Earlier this month Mitsubishi Heavy stated it was repeatedly finding itself the target of attacks, including over 50 different strains of virus, while some of its competitors have also reported receiving malicious emails”, he said, adding that the term ‘cyber warfare’ has had its detractors lately, with some feeling it overplays the impact online attacks can have in the real world.

“Thomas Rid, an expert in war studies at King's College London, criticized it recently, claiming that the lack of a lethal act of force precludes cyber attacks from being categorized as warfare”, he explained.

According to Brewer, the Mitsubishi Heavy data leak seems to contradict this, though, as it involves equipment ordered by Japan’s defense ministry, something that could have significant consequences for armed forces on active duty.

Specific nuclear power plant data, he noted, could also be used offensively against any country that integrates such plants as part of its national grid.

“So far, Mitsubishi Heavy has been unable to clarify exactly what has been leaked. This is revealing – guardians of sensitive data should have Protective Monitoring systems in place that can identify any data that has been compromised”, he said.

“By monitoring and analyzing 100% of log data generated by the IT estate, these systems are able to identify anomalies in real-time, generate alerts and produce accurate reports showing what has occurred. Without them in place, organizations reduce the odds of detecting attacks when they occur, and their ability to respond in the aftermath”, he added.
