This blog post focuses on the 1st track of JSAC2021, following the previous reports on the 2nd and 3rd track.Opening Talk: Looking Back on the Incidents in 2020Speaker: Takayoshi Shiigi (JPCERT/CC)Slides (English)VideoTakayoshi opened the JSAC2021 with an overview of incidents that JPCERT/CC confirmed in 2020, focusing on targeted attack and widespread attack.Targeted attack in 2020 is characterised by leveraging cloud services for malware operation in multiple stages of attacks from...

Read more

SysmonSearch is a tool developed by JPCERT/CC to analyse event logs generated on Sysmon (a Microsoft tool). https://github.com/JPCERTCC/SysmonSearch SysmonSearch is now compatible with Elastic Stack 7.x. Please note that the new version no longer supports Elastic Stack 6.x versions. This article introduces the new version of SysmonSearch, changes from the previous versions and new functions. Elastic Stack updates Kibana There was a change in Kibana plug-in due to the updates...

Read more

Following the previous article, we continue with the summary of the second half of the ICS Security Conference 2020 program. The Trend in Standardization of ICS Security System -The Introduction and Updates of IEC 62443- By Junya Fujita (Center for Technology Innovation, Control Platform Research Development, Hitachi, Ltd) Slides (Japanese only) In this presentation, the overview of and the updates on IEC 62443, which is the standard in ICS security,...

Read more

On February 14, 2020, JPCERT/CC held ICS Security Conference 2020 at Asakusabashi Hulic Hall. This conference aims at improving security measures and best practices of ICS through sharing threat trend against ICS in Japan and the world as well as the latest security activities conducted in related industries and enterprises. 307 people participated in the event this year. This blog entry and the next one introduce the summary of the...

Read more

In malware analysis, extracting the configuration is an important step. Malware configuration contains various types of information which provides a lot of clues in incident handling, for example communication details with other hosts and techniques to perpetuates itself. This time, we will introduce a plugin “MalConfScan with Cuckoo” that automatically extracts malware configuration using MalConfScan (See the previous article) and Cuckoo Sandbox (hereafter “Cuckoo”). This plugin is available on GitHub....

Read more

As of June 2019, JPCERT/CC has observed targeted emails to some Japanese organisations. These emails contain a URL to a cloud service and convince recipients to download a zip file which contains a malicious shortcut file. This article will describe the details of the attack method. How the VBScript downloader is launched The zip file downloaded from the URL in the email contains a password-protected decoy document and a shortcut...

Read more

Greetings. This is Aki Hitotsuyanagi from ICS Security Response Group. Today, I would like to introduce to you our new document, “Cyber Security First Step for Introducing IIoT to the Factory -Security Guide for Businesses Implementing IIoT-“.The original Japanese version of this document was released August 2018 and has been receiving favorable reviews. IIoT, or Industrial Internet of Things refers to use of IoT in industrial sectors. For example, using...

Read more

xin chào! (“Hello” in Vietnamese) This is Katsuhiro Mori from Cyber Me...

Read more

Following the JSAC2019 Part 1, this article will provide overview of the latter half of the conference. We also uploaded the photos from the conference on Flickr. “Sextortion Spam Demanding Cryptocurrency” by Chiaki Onuma (Kaspersky) Presentation material (Japanese) Sextortion spam is a campaign distributing spam emails in which adversaries aim to extort money (e.g. bitcoin) by threatening recipients by means of sexual contents. Ms. Onuma shared the outcome of her...

Read more

JPCERT/CC organised Japan Security Analyst Conference 2019 (JSAC2019) on 18 January 2019 in Ochanomizu, Tokyo. This conference targets front-line security analysts who deal with cyber incidents on a daily basis, with an aim to create a venue for sharing technical information which helps them better handle ever-evolving cyber attacks. This is the second run of the event following the first one in 2018, and 291 participants attended. In this event,...

Read more