Mizushima said JPS staff computers were infected with malware, which exposed combinations of names, birthdates, identification numbers and addresses.
“These are the people’s vital pensions,” Japanese Prime Minister Shinzo Abe said on NHK public television. “I have instructed Health and Welfare Minister (Yasuhisa) Shiozaki to consider the pension recipients and do everything possible.”
The Japan Times reports that emails containing a malicious attachment were sent to JPS employees with the subject line “Regarding the Review of the Employee’s Pension Fund (Draft).”
According to AsiaOne, the attacker used a compromised server at a shipping company in Tokyo to receive the stolen data for temporary storage. Unsurprisingly, AsiaOne reports, “The Tokyo shipping firm was not aware their servers were compromised until informed by police.”
Proficio co-founder and CMO John Humphreys told eSecurity Planet by email that this attack and the recent IRS breach make it clear that government systems are increasingly at risk of attack by cyber criminals seeking personally identifiable information (PII). “Agencies collecting and storing PII should review their security systems and controls to address this threat,” he said.
Igor Baikalov, chief scientist at Securonix, said it's notable that every stage of the attack, from execution of the malicious email attachments to exfiltration of the stolen data, succeeded in this case.
“Apparently, both anti-virus control and data loss prevention (DLP) failed in this scenario, and there were no user behavior analytics (UBA) or anomaly detection engine employed that could detect account misuse and suspicious data movement,” Baikalov said.
Separately, the U.S.-Japan Cyber Defense Policy Working Group, made up of representatives of the Japanese Ministry of Defense (MOD) and the U.S. Department of Defense (DOD), recently announced that the two countries plan to increase cooperation on cyber security issues.
“The MOD and DOD, in cooperation with other relevant government agencies, are to explore how to improve cyber information sharing through various channels in a crisis environment, and work toward timely, routine, two-way information sharing and the development of common cyber threat indicators and warning,” the Working Group said in a statement [PDF]. “Both sides also recognize that information and operational security are crucial to facilitating the smooth flow of sensitive information between one another in order to best support the Alliance and its activities.”
“This cooperation agreement will provide benefits to both countries and hopefully will trigger better awareness of cyber defense in Japan among its government agencies, consumers and companies,” Lieberman Software president Philip Lieberman told eSecurity Planet by email.