Press Release

January,31,2023
Digital Arts Inc.

Security Reports: Three year compilation of Domestic Security Incidents
Incidents exceed 1,000, up 1.5 times from previous year while malware infection is up 10 times
— Malware infections increased approximately 10 times YoY, with Emotet and ransomware accounting for the majority of infections —

Information security solutions provider Digital Arts Inc. (headquarters: Chiyoda-ku, Tokyo, Japan; CEO: Toshio Dogu; hereinafter referred to as "Digital Arts"; Code 2326) is pleased to announce the release of a security report that contains a compilation of domestic security incidents from the past three years.

Independent tabulation of information leaks and other security incidents in domestic organizations from 2020 to 2022

Digital Arts has independently compiled a report on security incidents such as information leaks at domestic organizations between 2020 and 2022 based on public reports by the organizations concerned and press materials from the media The total number of domestic security incidents in 2022 was 1,031, approx.1.5 times the 697 incidents of 2021. The most common incident in 2021 was hacking, while malware infection was the most common in 2022 with 383 incidents. This was followed by 159 incidents due to mishandling or inadequate settings, 156 incidents due to loss or theft, and 150 incidents due to hacking.

Malware infection incidents up 10 times

In 2022, there were 383 malware infection incidents, approximately 10 times as many as in the previous year (39 incidents). A further breakdown of the incidents classified as malware infections reveals that 318 incidents were caused by Emotet and 60 by ransomware.

In 2022, there was a sharp increase in reports of Emotet infections, but the number began to decrease in the second half of the year. The reason for this is that Emotet stopped email distribution activities in mid-July, just after the beginning of the second half of 2022. Afterward, some activity was temporarily observed (for about 10 days from November 2 to around November 12), but it ultimately went silent again. Thereafter, no activity over email was observed until the end of January 2023.

This year, there has also been a sharp increase in reports of damage caused by ransomware. There were 60 cases of ransomware, approximately double that of 2021 and six times that of 2020. Not much information on entry routes is publicly available, but according to a survey by the National Police Agency*1, more than half of the cases are from VPN devices.

Security incidents can occur regardless of organizations' size or location — continued attention is necessary

In 2022, malware infection incidents occurred in a variety of organizations, including local governments, schools, and medical institutions across Japan. Location and size of the organizations do not matter when it comes to infections. In recent years, there have also been incidents in which headquarters and production sites within Japan were infected as a result of their outsourcing companies or overseas subsidiaries being hacked. In Information-technology Promotion Agency, Japan (IPA)'s 10 Major Security Threats in 2023, "attacks that exploit weaknesses in the supply chain" ranked second*2in the threats to organizations, showing that it is a serious threat.

Ransomware will continue to be a threat in 2023 and there is no guarantee that Emotet will stay inactive. No matter how small or how far away from urban areas an organization may be, it is important to always be diligent about security measures. In addition to the security measures taken by the organization, it is also important to check and audit the information security measures of suppliers and contractors, and aim for an environment that prevents damage across the entire supply chain.

▼Read the security report below
[January 2023] Domestic Security Incidents for the Past 3 Years
https://www.daj.jp/security_reports/30/

▼Security measures proposed by Digital Arts

■ i-FILTER Ver.10 and m-FILTER Ver.5's new standard of security measures — Whitelisting
With whitelisting, you can safely open all received e-mails and access the website you want to, reducing the management load on the IT department. ------ Digital Arts' whitelisting will help bring about a more secure world.
https://www.daj.jp/bs/ifmf/

■D-Alert Reporting Service detects threats on the web and tells customers how to respond

D-Alert Reporting Service is a report that provides information on malware threats detection and how to respond to it. The report provides information on "when," "to whom," and "what kind of threat" occurred, and clear instructions on how to deal with the threats in the future.
https://www.daj.jp/bs/lp/d-alert-report/



*1 National Police Agency, "Cyber Threats in the First Half of 2022" (Japanese only)
https://www.npa.go.jp/publications/statistics/cybersecurity/data/R04_kami_cyber_jousei.pdf

*2 IPA "10 Major Security Threats in 2023"
https://www.ipa.go.jp/security/vuln/10threats2023.html
Digital Arts Inc. Overview
Digital Arts Inc. is an information security solution provider focused on the development and sales of security software for web, e-mail, files and other uses.
Since its founding in 1995, the company philosophy has been "Contributing to a safer, better, more convenient internet lifestyle" and since developing web-filtering software to prevent the browsing of harmful information on the internet, the company has been promoting internet security products to companies, the public sector and homes everywhere.
Otemachi First Square, West Tower 14F, 1-5-1, Otemachi, Chiyoda-ku, Tokyo, Japan
URL: https://www.daj.jp/