Predicting attacks from a “hacker perspective” in intensifying cyber warfare
Representative Director, Alliance Strategy
Interview: Toru Uesaka / Editing: Kanae Maruyama
We're not talking about spy movies like James Bond films or Mission: Impossible.
There is a company that collects and analyzes information in real time from more than 280,000 huge data sources scattered across the deep and dark web, where hacker groups are active, and provides that information to client companies. That company is CYFIRMA, a leading cyber threat intelligence company.
In Japan, where national sports events will soon take place, cyberattacks targeting companies, organizations, and critical infrastructure are expected to increase (*according to the Public Security Investigation Agency). Under these circumstances, we asked Gosuke Nakae, Representative Director, what threats we are exposed to and what is happening in Japan.
Hacker groups grow at an alarming rate
Leakage of customer information, leakage of confidential information... When news related to cybersecurity is reported, many companies respond with countermeasures such as deploying endpoint management tools, building firewalls, and introducing network monitoring services. In fact, says Nakae, there is no end in sight whatever you do.
Nakae: “It's a kind of fortification, so to speak. We're going to make our network stronger and stronger. It's the same thing as digging a moat or raising a stone wall. However, the technology of cyberattacks and cybercrime is progressing rapidly.”
It is as if a drone could come flying in from the sky even though you have built a moat and a stone wall.
Nakae: “So, who launches attacks, when, for what purpose, and where? If we can understand this even a little bit in advance, we may be able to fortify our defenses more efficiently and effectively. Wouldn't it be nice to be able to detect the movements of cybercriminals and hacker groups in advance and predict attacks? We at CYFIRMA provide such information as threat intelligence.”
What attacks have there been in the past? What attacks are in vogue these days? This type of new virus is spreading. It's important to have a grasp of known information, but hackers' modus operandi is constantly evolving.
Nakae: “It is not always done in the same way as recent attacks. Maybe your company will become the first target of the new modus operandi. A major feature of CYFIRMA is that we provide predictive threat intelligence based on detected signs, rather than past cases.”
The founder is a former British intelligence officer and cyber terrorism professional
One of the key features of CYFIRMA is that it predicts and notifies clients in advance about hacker movements. How is this possible?
Nakae: “Today's hackers act as a team, in groups. They exchange information in various places. In the so-called ‘dark web,’ there are closed, invitation-only forums and sites that only a limited number of people can enter. Criminal information is constantly being exchanged there. We've developed a special technology to monitor the content of those conversations, so we can gather information from them.”
He says this is a strength that other cyber threat intelligence providers can't emulate.
Nakae: “CYFIRMA's founder, Kumar Ritesh, is a professional who worked for British intelligence in cyberattacks and counter-cyber terrorism. It's based on the technology he had.”
After gaining experience in British intelligence, the founder became Chief Information Security Officer (CISO) of a leading Australian resource development company. As a private company, they thought that they could increase the level of information security by utilizing information possessed by government intelligence agencies, so they commercialized this service.
Nakae: “However, although we provide information that ‘you are being targeted,’ it is up to the client to decide how to protect themselves. In other words, it is like a weather forecast that predicts typhoons. Say a typhoon has formed off the coast of the Philippines and is moving northward. It looks like it will make landfall here and there in Japan. We will issue forecasts of how strong the rain and wind of the typhoon will be, but it is up to the users to determine the level of danger obtained from the weather forecast and fix their roofs, nail planks on their fences, and take in outside potted plants.”
What CYFIRMA does is sneak into tens of thousands of hacker forums and sites used by people in the underworld to gather information.
Nakae: “What is complicated is that information is not exchanged within one site, but conversations are conducted while hopping through various sites and forums. Furthermore, the conversations also include fake news and disinformation. We will meticulously collect the data of such conversations, filter that with machine learning and AI, and connect the supernatant extracted as information to identify the context, including the overall background. Using the names and products of client companies as keywords, we go ahead with analysis and interpretation.”
“Threats” are seen differently depending on the country
The most distinctive feature of CYFIRMA is that it develops its business based on Japanese conditions. Although it was established in 2017, most clients are Japanese companies.
Nakae: “We have received investment from foreign capital, but we are not a startup that received investment from overseas venture capital, started a business in Silicon Valley, and then established a local subsidiary in Japan because it was going so well. The founder lived in Singapore but moved to Japan to start a business in Japan. Currently, more than 90% of our clients are Japanese companies.”
The United States and Israel already have companies that provide cyber threat intelligence based on the technology and experience of each nation's intelligence agencies.
Nakae: “However, in terms of weather forecasts, the news of a hurricane in the Gulf of Mexico is not very useful to Japanese people. In this way, threats take on different forms from country to country.”
Above all, no specialized vendors have provided cyber threat intelligence specialized in Japan and centered on Japan.
Nakae: “This is even though there are many world-leading companies in Japan. There is information that hackers want to target, such as personal information and technical information, here and there. There are also international events coming up, which are likewise easy targets for hackers. That's why we chose Japan as the starting point for this project.”
CYFIRMA's website reports cybercrime trends and analyses. There's also the “10 Biggest Threat Predictions” for 2021.
Nakae: “Cyberattacks come from various directions with unexpected and diverse approaches. There are exposure-type ransomware attacks that steal personal and financial information and threaten to expose it if you do not pay for it. Some can break into a network and bring down servers, making it impossible to continue operations. There is no end to attacks using IDs and passwords stolen in targeted email attacks.”
There is also the trick of impersonating a corporate president and ordering the chief financial officer to “send money in secret” under the guise of urgency, which sends the money to the culprit. The Japanese proficiency of overseas hackers is steadily increasing, and their modus operandi are becoming more sophisticated and diverse.
Can the expansion of remote work become a hotbed of risk?
Nakae: “As mentioned, the trend in recent years that has made cybercrime and attacks more complex is that hacker groups are collaborating and working together. For example, when you try to launch a cyberattack, you outsource it to hackers in other countries. This makes it difficult for others to identify you. For countries with economic blockades or that can't earn foreign currency, this can be big business. It is cheaper and more profitable to train skilled hackers than to build intercontinental ballistic missiles. So there is a trend to create a hacker group and attack at the request of other countries and receive a success fee.”
That's why attacks are more complex and sophisticated.
Nakae: “In the case of cyberattacks in Japan, all the companies that suffered damage have done a fair amount of defense work. However, attackers are getting more and more information about the target of the attack, so the attackers have an advantage. Therefore, we want you to be as proactive as possible and take defensive measures by taking advantage of threat intelligence.”
With the COVID-19 pandemic and the popularization of remote work, the risks are higher than ever.
Nakae: “Company systems used to be managed and supervised in a closed form, but quite a few companies have introduced telecommuting by remote access as a pandemic countermeasure. Furthermore, not all companies have necessarily designed their systems on the premise of remote access, so, as a result of shifting to remote access support in a hurry, security is often not even covered. Hackers don't miss this, so they attack.”
Vulnerabilities that pose a security hole in a network or system can be found, or malware may be introduced when someone falls for a phishing e-mail.
Nakae: “In our monitoring survey, we also received information that a group of hackers were conducting reconnaissance activities against a certain Japanese company. There was also information about a security hole in that company's servers.”
In fact, surprisingly, there have been cases where Japanese companies have been infiltrated by hackers through security holes in servers managed by overseas subsidiaries, with the hackers then moving laterally through the company’s systems and stealing information from servers managed by the head office in Japan.
Nakae: “If we can search for information that facilitates attack foreshadowing from a hacker’s perspective based on keywords related to our clients, it will be possible to issue early warnings.”
When you step into the net, it's like walking around a conflict zone unarmed
Nakae joined CYFIRMA in November 2019. Before that, he worked at Mitsubishi Corporation for 36 years, and had been involved in the information industry for a long time.
Nakae: “I've been stationed in Silicon Valley twice. I've been trained in industries such as IT, networking, and telecommunications. I've been involved in information security for nearly 10 years.”
It was during this time that he met the founder of CYFIRMA and decided to work with him.
Nakae: “I had been working in information security for a long time, and, if we can propose solutions so that the country of Japan can properly address this problem, it would benefit the country as well. I thought it would be wonderful if I could contribute to the success of Japanese companies and the development of the world in some way.”
Japan is one of the safest and most secure countries in the world, but that also creates blind spots.
Nakae: “In the world of the Internet, you can go and exist anywhere the moment you connect to the network. It’s like walking around a conflict zone in the Middle East unarmed. Moreover, even if you are victimized there, the Japanese police will not help you. The moment you enter the world of the Internet, that is no longer a world where your country protects you. You will have to think and act on your own. The same is true for companies.”
The company has approximately 50 employees worldwide. It has offices in Japan, Singapore, and India. The analyses are mainly carried out in Bangalore, India.
Nakae: “According to the Ministry of Economy, Trade and Industry, there is a shortage of security personnel in Japan of around 200,000 people. Even if there are excellent human resources, they cost a lot to hire. This is why our analytical staff are located in India. In fact, if you're connected to the network, you can gain access from anywhere in the world.”
Japan has about 10 staff members, mainly in sales and user support. Global Business Hub Tokyo (GBHT) is attractive primarily because of its location and good environment.
Nakae: “It's a small startup. It's quite difficult to secure a space that is not 100% unoccupied, such as a conference room, let alone make space for a table tennis table [laughs]. The shared spaces are spacious, the conference rooms are a mix of large, medium, and small rooms, and the amenities are also substantial.”
In addition to the hardware aspects, he says that satisfaction is also high in terms of software.
Nakae: “The hospitality of the staff is wonderful, as well as the work of the receptionists. Attentiveness, smiles, and thoughtfulness. My mind is in a good place when I work there. Oh, and of course the security is perfect.”
Cyber damage is clearly on the rise.
Nakae: “The big worry is that the advanced technology of Japan will be stolen. If a competitor acquires stolen technology, they will be able to make a high-quality product that is on par with that of the Japanese company without spending money on research and development. That is unacceptable. We would like to further promote our business so that we can be of even greater use to Japanese companies.”
If threats are perceived differently from country to country, we have no choice but to change our “perspective” and counter them.
Photography: Tomoyasu Osakabe