Mitsubishi Electric has released a statement confirming that the company was hit by a data breach in June last year
Mitsubishi Electric is among the world’s most prominent electrical and electronic equipment manufacturing firm, and they facing such a big data breach has shaken the entire industry. Asahi, the newspaper, reported that the unauthorized access began with affiliates in China to spread to bases in Japan. The hackers escalated their access from the initial entry point of Mitsubishi Electric’s internal system to get access to the networks of about 14 company departments ranging across sales and administration.
As speculated, the cyber-attack on Mitsubishi Electric is linked to a Chinese cyber-espionage group, Tick, well-known for targeting Japan over the last few years. The unauthorized access got tracked to a compromised employee account where hackers were able to swipe 200 MB of files by hacking Mitsubishi Electric’s internal networks.
The official investigation in the breach began in September after the breach on 28th June 2019.
The hackers successfully stole sensitive data from the company’s internal network from a number of PCs and servers in Japan and overseas. The company did not deny the news of data exfiltration but continued to deny the report of intruders stealing data on its defense contracts. It is now investigating the incident, but the deleted access logs have slowed down the investigation process.
Japan is treating this incident with the utmost severity as Mitsubishi Electric is one of the most significant defense and infrastructure contractors for the Japanese government. The company closely works with the Japanese government for military, railway, electric and telecommunication projects.
Vinay Sridhara, CTO, Balbix:
“The attack on Mitsubishi Electric highlights the all too sobering reality that security is only as strong as the weakest link, with connected affiliates and third parties in the supply chain constituting links as well. In this case, it appears that a China-based Mitsubishi affiliate was infiltrated via a compromised employee account. As with many other attacks, that foothold was used to move laterally across the network, ultimately giving the attackers access to 14 business units.
Unfortunately, vulnerability scanning typically revolves around unpatched software on managed assets, creating a risk blind spot for most organizations. A compromised employee account would not show up on traditional vulnerability assessments. Two-factor authentication via a trusted second factor must be deployed to reduce the risk of breaches that occur from compromised credentials within an organization. Enterprises need to understand that it is not only humans who hold credentials. Servers, network devices, and security tools often have passwords that enable integration and communication between devices. With access to machine-to-machine credentials, hackers can move throughout the enterprise, both vertically and horizontally, giving almost unfettered access to an IT system.”
Greg Wendt, executive director, Appsian
“Business applications and systems have become a frequent target of espionage. Largely because compromising a user’s credential has been identified as the most effective way to access sensitive business information without appearing suspicious enough to trip security alerts. Global companies continue to prioritize traditional network security; however, threats are evolving rapidly and are increasingly becoming user-centric, originating at the business application level.
Enterprises such as Mitsubishi Electric must gain a comprehensive understanding of how identity has become the new network perimeter in modern security environments, which are governed by mobile devices, remote connectivity, and web-facing applications. The first line of defense is no longer a network firewall – it’s now the end-users. Today’s threats have evolved to exploit these new weaknesses and unfortunately, many organizations lag behind. It is critical to implement a multi-layered approach for users requesting access to sensitive data. For example: combining additional authentication steps, contextual attributes, and even fine-grained controls on specific data fields. It is not just about keeping data from bad actors, but also utilizing the least privilege strategy that never grants “high privilege” access to a user by default – but limits access to what data is deemed absolutely necessary.
Also, granular logging and analytics around sensitive data access must be incorporated. Otherwise, bad actors can live inside systems for months or years and go completely undetected.”