INOUE DaisukeDirector of Cybersecurity Laboratory, Cybersecurity Research InstituteAfter completing a doctoral course in 2003, he joined Communications Re-search Laboratory (currently NICT). He has been engaged in research and de-velopment of network security focusing on Network Incident analysis Center for Tactical Emergency Response (NICTER) since 2006. Ph.D. (Engineering).n response to the COVID-19 out-break, the Japanese government declared a state of emergency on April 7, 2020. Since then, many types of con-ventional activities have been replaced by online activities (e.g., work from home (WFH) and online schooling). These activ-ities have been supported by variousICT, including video conferencing tools and VPNs—secure, high-speed networks. How-ever, many incidents of cyberattacks that use COVID-19-related information as a lure have been reported. Thus, we have seen both the bright and dark sides of the ICT.The increased use of online services due to widespread COVID-19 infection has been supported by ICT, such as high-speed net-works available across Japan, VPNs that are secured with encryption techniques and chat and video conferencing tools that make re-mote communications easy and convenient.In addition, ICTs have been playing a vital role in collecting and sharing informa-tion on COVID-19. For example, the Tokyo Metropolitan Government's COVID-19 in-formation website*1 is designed to effectively convey various types of information using infographics. Apple and Google jointly re-leased a COVID-19 contact tracing API on smartphones. In Japan, the messaging appli-cation LINE has been used to conduct na-tionwide surveys*2 for preventing COVID-19 infection.While the use of ICT has been helping us cope with COVID-19, many incidents of cy-berattacks taking advantage of the COVID-19 pandemic have also been reported. The num-ber of people receiving COVID-19 phishing emails has increased rapidly. These emails typically mention COVID-19 and face masks in their subject and main text sections. The number of COVID-19 phishing emails NICT received in 2020 increased monthly from 30 in March to 71 in April and to 127 in May. Many cyberattacks were attempted during the rapid transition from “work from ofce” to “work from home” arrangements. These attacks took a variety of forms, e.g., some attacks targeted the vulnerability of VPN products*3, others were detected as brute-force attacks against the Remote Desktop Protocol*4 and yet others were identied as unauthorized third parties breaking into online meetings using video conferencing tools*5.Moreover, ransomware attacks on health-care providers have been a serious issue. Ransomware encrypts data on the infected computers, making it inaccessible to the vic-tims. The attackers then demand a ransom payment from the victims in return for de-crypting the data. In May 2020, the technol-ogy system of Fresenius—the largest private hospital operator in Europe—was found in-fected with the Snake ransomware, interrupt-ing the company's operations*6. Warnings were issued for COVID-19-themed cyber-attacks targeting healthcare institutions rst by INTERPOLin April 2020 and then jointly by CISA in U.S.A. and the NCSC in UK in May*7*8.The WFH practice was rapidly adopted and continues to be widely implemented in Japan. Many organizations traditionally use “boundary protection measures” to secure their internal networks by setting up a de-fense against malicious and other unautho-rized communications at the external bound-ary of the network. However, this mechanism is becoming inadequate because of the drastic changes in work environments. In response, an increasing number of organizations have adopted a so-called Zero Trust security mod-el: an emerging paradigm. This model focus-es on protection of information assets rather than network security*9.Well before COVID-19 became a threat, NICT created a secure work-from-home en-vironment for its employees by making VPNs available to them and developed a sophisti-cated security management system based on earlier research on NIRVANA-Kai*10 and other technologies. These efforts, including the devoted support from the ICT System Of-ce, facilitated smooth transition to a WFH-based organizational operation in NICT. Lastly, I would like to express my gratitude to all the people around the world working to protect the ICT environment.ICOVID-19 Brings Out Light andDark Sides of ICTHow NICT R&D Can Underpin COVID-19 Aected Society(*1,*2,*3 ,*10 are written in Japanese.)*1 https://stopcovid19.metro.tokyo.lg.jp*2 https://guide.line.me/ja/coronavirus-survey.html*3 https://blogs.jpcert.or.jp/ja/2020/03/pulse-connect-secure.html*4 https://securelist.com/remote-spring-the-rise-of-rdp-bruteforce-attacks/96820/*5 https://www.justice.gov/usao-edmi/pr/federal-state-and-local-law-enforcement-warn-against-teleconferencing-hacking-during*6 https://krebsonsecurity.com/2020/05/europes-largest-private-hospital-operator-fresenius-hit-by-ransomware/*7 https://www.interpol.int/en/News-and-Events/News/2020/Cybercriminals-targeting-critical-healthcare-institutions-with-ransomware*8 https://us-cert.cisa.gov/ncas/alerts/AA20126A*9 https://csrc.nist.gov/publications/detail/sp/800-207/nal*10 https://www.nict.go.jp/press/2016/06/07-1.htmlNICT NEWS 2020 No.64
元のページ ../index.html#6