February 5, 2025
TOKYO – A series of cyberattacks targeting airports, financial institutions and other key infrastructure in Japan during the year-end and New Year seasons were “carpet-bomb” attacks that targeted a wide range of corporate servers and network devices, The Yomiuri Shimbun has learned from interviews with people familiar with the matter.
A carpet-bomb type of strike is a distributed denial of service (DDoS) attack in which large amounts of data are sent to paralyze systems.
It is unusual for carpet-bomb attacks to be carried out on such a large scale in Japan. They are more difficult to counter than conventional attacks that target specific devices, and experts are calling for the introduction of “active cyber defense,” a system to prevent serious cyberattacks on critical infrastructure and other things.
The system detects signs of an attack by gathering information via surveillance and reconnaissance, and it takes measures against the attacker before the attack becomes a full-scale one. The government intends to submit related bills to the ordinary Diet session to implement the system.
The series of DDoS attacks began on Dec. 26. Japan Airlines Co.’s baggage checking and other service systems at airports were disrupted, and it became difficult to log in to MUFG Bank’s online banking services. Subsequently, Resona Bank, Mizuho Bank, NTT Docomo, Inc. and others also suffered system failures.
In a DDoS attack, an attacker first hijacks internet of things (IoT) devices, such as Wi-Fi routers and webcams, around the world with a computer virus. Then, under instructions from a command server, the hijacked IoT devices send large amounts of data to the target company’s systems. The attacked system becomes overloaded and unable to process the data, and it shuts down.
Normal DDoS attacks target specific servers or network devices. However, the carpet-bomb type targets a wide range of devices, resulting in a large impact and the risk of bringing an entire business to a halt.
Tokyo-based cybersecurity firm Trend Micro Inc. has monitored a series of attacks since Dec. 27 and found that at least 300 IoT devices around the world were hijacked; the instructions are believed to have been issued from overseas servers. A total of 158 attacks were carried out on 64 domestic businesses by Feb. 2, and most of them were carpet-bomb attacks, according to the company.
“There have been examples of carpet-bomb attacks in the past, but this is unusual because the scale of the attacks was so big,” a Trend Micro employee in charge said.
Multiple companies affected told The Yomiuri Shimbun that the attacks were the carpet-bomb type. Many firms had prepared for DDoS attacks by taking measures to reduce the load on specific servers even when large amounts of data would be sent. However, servers that had not yet been covered by such countermeasures were affected.
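The gap described above, as an added illustration that is not from the article or from any company it names: a monitor that only alerts per destination misses traffic spread thinly across a whole address block, while summing the same traffic per prefix exposes it. The thresholds, the /24 grouping and the flow records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

HOST_LIMIT_MBPS = 500     # assumed per-destination alert threshold
PREFIX_LIMIT_MBPS = 4000  # assumed limit for spread traffic within one prefix
MIN_SPREAD = 32           # assumed minimum number of hosts hit at once

def classify(flows, prefix_len=24):
    """flows: iterable of (dst_ip, mbps). Returns {host_or_prefix: label}."""
    per_host = defaultdict(float)
    for dst, mbps in flows:
        per_host[dst] += mbps

    alerts = {}
    spread = defaultdict(lambda: [0.0, 0])  # prefix -> [total mbps, host count]
    for dst, mbps in per_host.items():
        if mbps > HOST_LIMIT_MBPS:
            # Conventional case: one destination is visibly overloaded.
            alerts[dst] = "single-target flood"
            continue
        # Below the per-host limit: only visible when summed per prefix.
        net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
        spread[net][0] += mbps
        spread[net][1] += 1

    for net, (total, count) in spread.items():
        if total > PREFIX_LIMIT_MBPS and count >= MIN_SPREAD:
            alerts[str(net)] = "carpet-bomb"
    return alerts

def sample_flows():
    """Constructed records using documentation address ranges (RFC 5737)."""
    flows = [(f"203.0.113.{i}", 30.0) for i in range(1, 201)]  # 200 x 30 Mbps
    flows.append(("198.51.100.7", 900.0))                      # one hot server
    flows += [(f"192.0.2.{i}", 20.0) for i in range(1, 11)]    # normal load
    return flows

if __name__ == "__main__":
    for target, label in sorted(classify(sample_flows()).items()):
        print(f"{target:18} {label}")
```

No address in 203.0.113.0/24 crosses the per-host threshold on its own, so only the per-prefix sum raises an alert for that block.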
According to people familiar with cybersecurity issues, there has been no confirmation of a claim of responsibility for the series of attacks.
“It’s difficult to prevent carpet-bomb attacks with conventional countermeasures,” said Yuu Arai, a security expert at NTT Data Group Corp. “So it’s necessary to take action through ‘active cyber defense’ to neutralize the command servers themselves.”