Announcing the "Cyber Attack Detection Report on Web Applications" for the 3rd Quarter of 2022 ~ Detecting about 20 cyber attacks per second ~
Cyber Security Cloud, Inc. (Headquarters: Shinagawa-ku, Tokyo; Representative Director, President and CEO: Toshihiro Koike; hereinafter "our company"), a global security vendor that develops anti-hacker services, has announced its cyber attack detection report on web applications for the third quarter of fiscal 2022 (July 1 to September 30, 2022).
The data in the report is derived from aggregated cyber attack logs observed by "Shadankun", our cloud-based WAF that visualizes and blocks cyber attacks on web applications, and by "WafCharm", our automated operation service for public cloud WAFs.
■ Survey overview
・Survey period: July 1, 2022 to September 30, 2022
・Survey target: User accounts using "Shadankun" and "WafCharm"
・Survey method: Analysis of cyber attack logs observed by "Shadankun" and "WafCharm"
■ Recent cyberattack situation: supply chain attacks stand out
Recently, against the background of an unstable international situation, damage from various cyber attacks, and in particular attacks targeting supply chains, has been reported one after another in Japan. It is extremely rare for a single company to carry out every step of manufacturing a product on its own; instead, a series of companies is involved in procuring raw materials and parts, assembly, packaging and distribution (this chain of companies is called a supply chain). A supply chain attack is an attack method that takes advantage of this structure: the attacker looks among the related companies in the supply chain, such as group companies, parts manufacturers and logistics companies, for one with weak information security measures, and attacks it.
■ Total number of detections and trends: About 20 cyberattacks detected per second
In the third quarter (July 1 to September 30, 2022), the total number of cyber attacks on web applications detected by our services was 158,181,684, which works out to about 20 cyber attacks per second. By month, there were 46,852,025 cases in July, 50,602,450 in August and 60,727,209 in September, a sharp upward trend that has now continued for nearly half a year.
Also, looking at this per host, there were 3,644 cases in July, 3,918 cases in August, and 4,637 cases in September, showing a large upward trend overall.

This trend is not expected to end here; considering past trends and the fact that a certain number of attackers target the year-end and New Year holidays, we expect the upward trend to continue for some time. In preparation for such an increase in cyber attacks, we recommend confirming once again that perimeter defenses are implemented comprehensively, taking an inventory of all information assets the organization owns, establishing countermeasures for each of them, and applying and managing those countermeasures.
■ Attack sources/attack types: No major changes from the first half of FY2022
Looking at the source IP addresses of cyber attacks during the period by country, the United States ranked 1st and Japan 2nd, followed by Canada, France, Germany and Russia.
However, it has long been the case that when a large organization launches a targeted attack, it does not attack the target directly but routes its traffic through data centers in various countries many times along the way, so that the true location of the attack source cannot be identified; this kind of camouflage has become very common. In addition, there are many cases in which the attack is completed within several minutes to several hours, with the attacking server prepared only for that period and shut down as soon as the attack is complete.
In terms of attack types, "web attacks", which target vulnerabilities in the software that makes up web servers, remained in first place with approximately 71 million cases; "SQL injection attacks" again ranked third with approximately 23.7 million cases; and "web scans", in which the attacker surveys the target and probes for vulnerabilities with simple attacks performed at random, ranked fourth with about 8.1 million cases.
Compared with the first half of 2022 (January 1 to June 30, 2022), there were no particular changes.
■ Looking at Society as a Whole: Prominent “Supply Chain Attacks” and “Business Email Compromise (BEC)”
In this quarter, there was no noticeable increase or decrease in DDoS attacks in Japan. Also, as many of you may have noticed, the conspicuous attacks in Japan were not those by the so-called hacktivists and cyber forces that have been making noise in the international situation, carried out to satisfy their beliefs or sense of justice; rather, I think attacks for commercial (monetary) purposes stood out.
As for attacks that have been particularly noticeable recently, I think the supply chain attacks mentioned above and BEC (business email compromise) can be cited.
■ Supply chain attacks: security measures throughout the supply chain
The "supply chain attack" mentioned above can be broadly divided into two types. The first is to investigate the related companies that make up the target company's product supply chain (suppliers of raw materials and parts, subcontractors and so on), find those with insufficient security measures, and attack them, either using them as a foothold to infiltrate the target company or stealing the target company's confidential information from the related company.
The second type is called a software supply chain attack. Currently, it is common in product manufacturing to purchase parts (hardware or software) by function and combine them to complete IT equipment or a software product. The attacker plants malware or backdoors in those parts, or hides malware in product update files, patches and the like. In many cases the consumers of the products are the direct victims, and the damage can spread over a wider area, potentially leading to larger problems.
The "Cybersecurity Management Guidelines" of the Information-technology Promotion Agency, Japan (IPA) state, as one of the "Three Principles" that managers should be aware of, that security measures are required not only for your own company but also for the supply chain that includes business partners and contractors. We strongly recognize that security measures are required for all related companies and the entire supply chain, rather than being reassured by our own response alone, and that it is necessary to respond, to manage and operate those measures continuously, and to review and improve them on a regular basis.
■ Business email compromise: It is important to quickly notice when something feels wrong
BEC (Business Email Compromise) is defined as "a cyber attack in which a person in charge at a company is tricked into transferring money by cleverly crafted emails that impersonate business partners or executives." In particular, the main attack pattern has been to target people with low IT literacy who hold authority over payment procedures, send them fake emails that are extremely difficult to distinguish from real ones, deceive them, and defraud them of money.
For example, the attacker infiltrates the email system of a business partner of the target, alters only the transfer destination on the monthly invoice PDF that is routinely sent, changing it to the attacker's overseas bank account or the like, and sends it legitimately from the business partner's own mail server. At the same time, the genuine email is arranged so that it never reaches the target's inbox. The person in charge transfers the money to the attacker without noticing the tampering, and the fraud is discovered only when the business partner demands payment. I think this is one of the typical patterns, and the amount of damage is large.
Countermeasures against BEC are, for the individual person in charge, to be careful and to quickly notice when something is strange, for example by asking "This is not the usual bank account" or "Why would this be transferred to an overseas account?" At the organizational level, it is important not to create an operation or workflow that can be completed by a single person in charge, but to build a redundant system in which someone else involved in the process will notice.
IPA has a dedicated business email compromise (BEC) countermeasures page (https://www.ipa.go.jp/security/bec/), which was updated with new content in September 2022. The IPA site also has a collection of business email compromise cases (https://www.ipa.go.jp/security/bec/bec_cases.html), which was updated with new content in October 2022. We strongly recommend that you take these materials into consideration.
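As an added illustration of the organizational countermeasures just described (example code, not part of the original report), the following Python sketch screens an incoming invoice against a constructed vendor master record, flagging a changed account or an overseas destination, and enforces a two-person approval so that no single person in charge can complete a transfer; the vendor name, account formats and approver names are made up.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed vendor master record: the bank details the company already has on file.
# In a real deployment this would come from the accounting system, not a literal.
VENDOR_MASTER = {
    "ACME Parts": {"bank_country": "JP", "account": "JP-0123-456789"},
}


@dataclass
class Invoice:
    vendor: str
    bank_country: str  # country of the destination bank, e.g. "JP"
    account: str       # destination account as printed on the invoice PDF
    amount: int


def screen_invoice(inv: Invoice) -> list[str]:
    """Compare the invoice's transfer destination with the vendor master record.

    Returns the reasons the invoice looks "strange"; an empty list means the
    destination matches what has always been used for this vendor.
    """
    known = VENDOR_MASTER.get(inv.vendor)
    if known is None:
        return ["vendor not in master record"]
    reasons = []
    if inv.account != known["account"]:
        reasons.append("transfer destination differs from the usual account")
    if inv.bank_country != known["bank_country"]:
        reasons.append(f"destination bank is overseas ({inv.bank_country}, usual is {known['bank_country']})")
    return reasons


def approve_transfer(inv: Invoice, approvers: list[str],
                     confirmed_out_of_band: bool = False) -> tuple[bool, list[str]]:
    """Four-eyes rule for outgoing payments.

    A transfer is released only if (1) at least two distinct people approved it and
    (2) every anomaly found by screen_invoice() has been confirmed with the partner
    through a channel other than email (for example a call to a known phone number).
    """
    reasons = screen_invoice(inv)
    if len(set(approvers)) < 2:
        reasons.append("fewer than two distinct approvers")
        return False, reasons
    if reasons and not confirmed_out_of_band:
        return False, reasons
    return True, reasons
```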
■ About Cyber Security Cloud, Inc.
Company name: Cyber Security Cloud, Inc.
Location: JR Tokyu Meguro Building 13F, 3-1-1 Kamiosaki, Shinagawa-ku, Tokyo 141-0021
Representative: Toshihiro Koike, Representative Director, President and CEO
Established: August 2010
URL: https://www.cscloud.co.jp/
Cyber Security Cloud, under the philosophy of "creating a safe and secure cyber space for people around the world", uses the world's leading cyber threat intelligence and AI technology to provide anti-hacker services such as web application security services and vulnerability information collection and management tools. We will continue to contribute to the advancement of the information revolution as one of the leading global companies in cyber security, with a focus on WAF.
Main deployment services:
- Cloud-based WAF "Shadankun": https://www.shadan-kun.com
- Public cloud WAF automated operation service "WafCharm": https://www.wafcharm.com
- Cyber Security Cloud Managed Rules for AWS WAF: A carefully selected set of rules for AWS WAF: https://aws.amazon.com/marketplace/seller-profile?id=baeac351-6b7c-429d-bb20-7709f11783b2
- Vulnerability information collection and management service "SIDfm": https://sid-fm.com