At least 607 Japanese entities, including major firms and government agencies, have been targeted by cyberattacks as hackers exploit vulnerabilities in the technology used for remote work amid the coronavirus pandemic, an information security expert said Monday.
Many of the organizations, which are clients of a virtual private network service provided by Fortinet Inc., had staff IDs, passwords and other authentication data stolen after a list of some 50,000 of the U.S. firm's unpatched VPN appliances was leaked on the internet on Nov. 19.
Over 10 percent, or around 5,400, of the appliances on the list were linked to Japanese entities, including major hotels, cybersecurity firms and public hospitals, according to the expert.
Among those hit by attacks were the Japan National Tourism Organization, Recruit Holdings Co. and Sapporo University. The National Police Agency also said it has had 46 cases of unauthorized access since August last year.
Tokyo-based cryptocurrency service provider DeCurret Inc., which hosts a digital currency seminar attended by three of Japan's megabanks and Nippon Telegraph and Telephone Corp., had 10 pieces of authentication data stolen.
Fortinet released patches in May 2019 to fix vulnerabilities in its VPN service, with IT expert organizations in Japan also repeatedly issuing warnings. It is believed that the organizations that suffered security breaches had not applied the patches.
VPN usage has increased as companies encourage employees to work from home due to the novel coronavirus pandemic.
There are growing concerns that damage from the theft of authentication data could be wide-ranging, as an attacker holding it can easily access an organization's internal system to steal confidential information.
Organizations identified as having suffered a leak are being contacted by government agencies and internet service providers, as well as being alerted by the Japan Computer Emergency Response Team Coordination Center.
"The (VPN) appliances on the list are already being hit by many attacks. Some organizations may find their systems taken over (by hackers) in the future," said Nobuo Miwa, president of information security firm S&J Corp. in Tokyo.