[Security Weekly] Japanese Defense Contractor Kawasaki Suffers Data Breach
5th Week of December 2020
1. Japanese defense contractor Kawasaki suffers data breach
Kawasaki Heavy Industries, a Japanese manufacturer of heavy equipment for airplanes, ships, and trains, warned its customers of a data breach following a series of cyberattacks on the company over the past six months. Kawasaki is a contractor of the Japanese Ministry of Defense, and supplied parts for the Boeing 787 Dreamliner.
After tracing back a series of incidents, Kawasaki discovered that the initial attack took place on June 11, 2020, when hackers obtained access to a server in Japan via an overseas branch in Thailand. The company then suffered multiple intrusions from overseas offices in the US, the Philippines, and Indonesia.
Despite having no direct evidence yet, Kawasaki warned that data from its overseas offices could have been exposed to malicious actors, possibly leaking its customers’ personally identifiable information (PII) and infrastructure-related information. The company is currently notifying potentially impacted customers.
2. Finnish Parliament hit by cyberattack, emails of MPs exposed
The Parliament of Finland disclosed on December 28 a data breach that affected its internal IT systems, leading to the compromise of the email accounts of MPs (members of parliament).
The IT staff at the Parliament discovered the incident earlier in December. Follow-up investigations showed that the initial intrusion took place in the fall. The cyberattack did not cause any direct damage to the IT infrastructure. However, the email inboxes of a number of MPs were exposed to the hackers. As a result, Finnish police suspected this to be a case of attempted espionage.
The government did not reveal how many email inboxes were exposed. Yet this incident appeared very similar to the Norwegian Parliament breach, which occurred at roughly the same time. The Norwegian government later attributed the attack on its parliament to Russia’s military intelligence operations.
3. Whirlpool falls victim to data breach after Nefilim ransomware attack
Whirlpool, one of the largest home appliance manufacturers in the world, was found to be the latest victim of the Nefilim ransomware group. On the weekend of December 26, sensitive data from the Fortune 500 company was published on the Nefilim ransomware’s leak site.
The attack was said to have taken place in early December. As usual, the Nefilim ransomware operators used the double-extortion approach, in which files from the company’s servers were exfiltrated before being encrypted. The stolen data contained sensitive employee information including details of individual benefits, accommodation requests, and background checks.
It appears that Whirlpool did not respond to the attackers’ demand as the data were eventually published online. The company later confirmed the attack and said that its IT systems had been fully recovered.