LAC Co., Ltd. (Tokyo Stock Exchange/JASDAQ: 3857), a leading company in cyber security services in Japan, published its English version of Research Report on Advanced Persistent Threats in Japan on March 19. This report presents the results of analyses performed by Cyber Grid Japan based on information that was obtained by LAC's Cyber Emergency Center through its responses to emergencies and its investigations into data breaches. It is the first technical report published in Japan on the results of research and analysis into some 80 Advanced Persistent Threats (APTs), which are highly skilled cyber-attacks targeting specific companies and organizations, that occurred in Japan.

- Download Report  (http://www.lac.co.jp/security/report/2015/03/19_cgview_01.html)

(Photo : http://prw.kyodonews.jp/prwfile/release/M103040/201503188635/_prw_OI1fl_6tz11Q1E.png)

An example of the APT cyber-attack method was the covert attack on Google, Inc. reported by the media in January 2010 and that attracted global attention. Unlike conventional attack methods that spread computer viruses randomly, an APT is carried out using viruses that cannot be detected by existing anti-virus software. In Japan as well, companies and government organizations were reported to have fallen victim to APTs during the second half of 2011.

As a leading company in information security services, LAC operates the Cyber Emergency Center to provide emergency support in the event of a security breach. Since we launched our services as a computer incident specialist organization in 2004, we have dealt with nearly 1,000 cyber emergencies. In recent years, the Cyber Emergency Center has been asked to conduct investigations into increasing numbers of APTs. As a result, we have made considerable progress in the technological analysis of such cyber-attacks.

-- Characteristics of this report

- Based on the findings regarding the damage caused by approximately 80 APTs investigated by LAC, we analyze the technological aspects of cyber-attacks and trends regarding methods used by attackers, and describe the features commonly observed among different APTs.

- Trace evidence on multiple APTs has revealed cases where the same attackers were simultaneously targeting different companies. Such a discovery could only be made by LAC, an organization which has been investigating APT-related damage suffered by a large number of companies (see the figure below).

- In some cases, a malware-infected computer detected in an investigation was communicating with an identical IP address used in another case that had previously been investigated. This led us to assume that the cause of the infections was also the same, thereby solving the problem in a short period of time (the encircled areas in the figure below). Collecting trace evidence on past cyber-attacks is likely to enable us to implement countermeasures promptly in the event of an emergency.

(Figure : http://prw.kyodonews.jp/prwfile/release/M103040/201503188635/_prw_OI2fl_TtrJ9Dvm.jpg)

The above figure shows the relationships between APTs confirmed based on our research on cases observed in three different organizations. Findings revealed by the investigation on three APTs (A (red), B (black) and C (green)) are pointed to by different colored arrows. The encircled icons show the IP address that the malware detected in case B was communicating with and the certificate attached to the malware were the same as those used in case A.

In addition to information gathered by the Cyber Emergency Center, Cyber Grid Japan (LAC's think tank), also performed detailed analyses of data obtained through information security checking services that evaluate the risk of data theft and security breaches in organizations. In this report, based on these analyses, LAC provides an overview of methods used in APTs as well as of the relationships between multiple different APTs for the first time in Japan.

About LAC Co., Ltd. (http://www.lac.co.jp/corporate/index_en.html)

Established in 1986 for a system development project, LAC is a leading cyber security company that launched security services in 1995 for the first time in Japan. As a result of a business merger, the company was restarted as LAC Co. in 2007. LAC provides a wide range of security services, including: vulnerability analysis services supported by a proven track record; security monitoring/analysis services by JSOC, one of Japan's largest security monitoring centers, available 24 hours a day throughout the year; as well as Cyber Emergency support services that provide response and support in the event of a data breach and other emergencies. In addition to these, the company also offers total IT solution services - including system development services that originated from the development of platform systems for financial institutions - to government agencies, companies, and other organizations. As a security service provider, LAC has over 7,300 enterprise customers and 800 government customers in Japan.