In a worrying trend for the cybersecurity landscape, Japanese companies are becoming prime targets for ransomware attacks, according to experts from Nihon Cyber Defence (NCD), based in Tokyo. Their vulnerability is exacerbated by inadequate defenses and a tendency among numerous organizations to comply with ransom demands through undisclosed channels. This insight comes on the heels of a statement from Japan’s National Police Agency, which recorded 222 official ransomware incidents in 2024. That figure represents a 12 percent increase from the prior year, but NCD indicates that it is merely a fraction of the attacks actually occurring.
A recent survey highlighted the challenges faced by affected companies, with 49 percent reporting that it took over a month to recover data compromised in ransomware incidents. Notably, Asahi, a significant player in the beverage industry, reported no confirmed breaches of customer data. However, as a precaution, it has been actively investigating the nature of a recent cyber incident that prompted the postponement of the launch of eight new products, including fruit soda and protein bars.
In response to escalating concerns about cybersecurity threats, the Japanese government enacted legislation in May to bolster its capabilities against cybercriminals and state-sponsored threats. Itsunori Onodera, chair of the government’s policy research council at that time, emphasized the urgent need to enhance the nation’s cybersecurity infrastructure, warning of serious risks to the public if improvements were not made.
The impact of the cyber event on Asahi has been significant, leading the company to explore alternative order processing methods, including a trial of paper-based systems for deliveries. Fortunately for Asahi, operations outside Japan, including those in Europe where it markets Peroni Nastro Azzurro, have not experienced disruptions from the cyber incident.
Given the nature of the attack on Asahi, a range of tactics and techniques outlined in the MITRE ATT&CK framework may have been employed. Initial access is often the first step in such incursions, potentially achieved through phishing or by exploiting vulnerabilities. Privilege escalation techniques could then have been used to gain broader access to organizational systems.
As businesses worldwide grapple with the evolving threat landscape, the challenges faced by Asahi and others highlight the necessity for proactive cybersecurity strategies. Immediate and strategic actions are crucial in developing resilience against increasingly sophisticated attacks aimed at critical infrastructure and business operations.