From Fukuoka to Copenhagen: LAC’s Insights on the Latest Cyber Threat Trends

By Hiroaki Kuramochi, CTO at LAC Co., Ltd.
Friday, June 28^th, 2024

FIRSTCON24 Overview

The 36th annual FIRST Conference, "FIRSTCON24," was held from June 9 to 14, 2024, in Fukuoka, Japan. This marked the first time in 15 years that the conference was hosted in Japan, with the last event taking place in Kyoto in 2009. The conference saw a remarkable turnout with 997 participants from 99 countries and regions.

LAC Co., Ltd., a leading Japanese cybersecurity company, proudly sponsored the event as a Diamond Sponsor. We are delighted that FIRST members from around the world enjoyed both FIRSTCON24 and their stay in Japan.

LAC Co., Ltd.: A Legacy of Cybersecurity in Japan

LAC Co., Ltd. is the parent company of Team LACERT in FIRST. LAC was founded in 1986. Back then, we believed that advancements in computing and communication would bring us closer together and make the world feel smaller —a "Little eArth." We stated ourselves with the idea of a security entity to protect this smaller interconnected world.

Since 1995, we have been dedicated to developing and providing services such as Incident Response, Security Operations, Penetration Testing, along with Education and Training. We have accumulated extensive knowledge and expertise, enabling us to safeguard our protected constituents effectively. We believe that FIRSTCON is a symbol of this "little earth."

Initiatives of the Cyber Emergency Center

Our Cyber Emergency Center is a specialized organization established to support companies and organizations affected by cyber-attacks. Operating 24/7, our team of security experts excels in incident handling, network forensics, computer forensics, and computer virus analysis.

At our Cyber Emergency Center, we share the findings and facts uncovered through our investigations as security information with a wide audience. This helps many companies and organizations to take measures against the latest threats. These insights are also available on our website for anyone to access.

Here are some notable reports we've recently published:

• Malware "Thumtais" Targeting Japanese Organizations
  www.lac.co.jp/lacwatch/report/20240605_004019.html
• New Targeted Attack on Japanese Organizations (Operation MINAZUKI)
  www.lac.co.jp/lacwatch/report/20220630_003037.html
• Attack Campaign Using Malware "gokcpdoor" Targeting Japanese Organizations
  www.lac.co.jp/lacwatch/report/20231006_003527.html

Trends in Recent Security Incidents in Japan

We regularly publish a report called "LAC SECURITY INSIGHT." This report summarizes the recent threat trends and characteristics obtained through our frontline activities in analyzing, investigating, and conducting penetration tests against cyber threats. Rooted in actual daily attacks and incidents, the report focuses on threats targeting Japanese companies and organizations, providing valuable insights for cybersecurity professionals. Here, we will introduce some excerpts from the two most recent reports.

• LAC Security Insight Vol. 7 Winter 2024
  www.lac.co.jp/lacwatch/report/20240326_003730.html
• LAC Security Insight Vol. 8 Spring 2024
  www.lac.co.jp/lacwatch/report/20240524_003999.html

Intrusive Ransomware Exploiting SSL-VPN Device Vulnerabilities

In the security incidents handled by our Cyber Emergency Center, malware-related incidents account for 36% of the total, with ransomware-related incidents comprising 17% of that. There has been an increase in consultations regarding intrusive ransomware that exploits vulnerabilities in SSL-VPN devices. These attacks are characterized by the lack of clear signs of damage, making it difficult for organizations to realize they have been compromised. This highlights a new challenge where many organizations are unaware they have been breached.

Additionally, incidents involving advanced persistent threats (APTs) have also increased. There have been confirmed cases where malware spreads to target organizations via file servers shared among supply chain organizations. This emphasizes the need for comprehensive security measures across the entire supply chain.

Increase in Fraud and Financially Motivated Attack Campaigns

Incidents involving fraudulent transfers are also on the rise, particularly those involving information-stealing malware targeting the tourism industry. These incidents have been increasing intermittently since June 2023. A sophisticated attack has been observed where attackers steal the credentials of administrators of hotel reservation sites and send phishing messages to users. Such financially motivated attacks indicate that attackers are operating in an organized manner, necessitating continued vigilance. Additionally, there is a possibility that similar industries with analogous business structures could also be targeted.

Furthermore, consultations regarding support scams have been increasing. Fake warnings of virus infections appear while browsing websites, and when users call the fake support numbers, they become victims of remote control tool installations and monetary demands. The increase in such incidents is attributed to the misuse of search-linked ads and social media ads.

Understanding these recent trends in security incidents can help organizations strengthen their security measures. Our Cyber Emergency Center will continue to provide prompt and accurate responses, contributing to the enhancement of our clients' security.

Looking Ahead: FIRSTCON25

The 37th Annual FIRST Conference will be held in Copenhagen, Denmark, from June 22 to 27, 2025. We look forward to meeting FIRST members from around the world once again!