The second day of JSAC 2025 featured a series of insightful presentations focusing on contemporary issues in cybersecurity, particularly around phishing and related attacks. Several industry experts elaborated on their analysis, strategies, and experiences in combating these growing threats.
Observation of Phishing Criminal Groups
Tsukasa Takeuchi, Takuya Endo, and Hiroyuki Yako from Mizuho Financial Group presented on the rise of phishing attacks in Japan. They detailed Mizuho’s organizational efforts to counteract these threats by analyzing malware, specifically one called "KeepSpy," which uses smishing to distribute phishing site URLs. The speakers emphasized the economic impact of these attacks, stressing the necessity of swift detection and takedown measures. Using collected logs, they proposed a collaborative approach with other organizations to enhance early detection systems against phishing attacks.
Rapidly Changing Trends in Phishing
Ryosuke Yoshimura and Tomoya Sano from LAC discussed the advancements in phishing attacks and highlighted their real-time detection systems for identifying phishing sites. With an increase in attacks exploiting high-profile events and brands, the need for a robust detection mechanism was underscored. They demonstrated their unique system’s ability to identify potentially malicious domains early, detailing case studies on phishing sites that distribute malware. They acknowledged challenges in detecting phishing sites that are not fully established, and said they are committed to further system development to enhance detection accuracy.
Analysis of Phishing Kits
Masaomi Masumoto from NTT Communications examined two Phishing-as-a-Service (PhaaS) kits, revealing commonalities in their operational structures and strategies. He focused on indicators of the kits and explained how features such as data theft and cloaking mechanisms were employed across both kits. He illustrated the ease with which these kits can establish phishing sites and emphasized the potential for developing detection rules based on identified indicators.
Active Monitoring Amid Security Breaches
Yuji Ino and Mitsuki Yoshikawa from Recruit Technologies presented their strategies for monitoring user credential leaks, emphasizing proactive measures and responses to breaches to safeguard user data effectively.
Ransomware’s Covert Operations
Zhongyuan Hau and Ren Jie Yow from Sygnia detailed a new ransomware attack technique focusing on network configurations of ESXi and NAS systems. They explained how these devices are often under-monitored, making them prime targets for attackers. Their analysis provided insights into the common methods the attackers followed and the importance of thorough monitoring and logging to uncover traces left by attackers.
Supply Chain Attacks
Facundo Munoz from ESET discussed the PlushDaemon APT group, highlighting their sophisticated supply chain attacks that compromise VPN providers to distribute Trojan malware. He drew parallels between the methodologies of different attack groups, emphasizing the complexity and resourcefulness of these cybercriminals.
Operation AkaiRyu by MirrorFace
Dominik Breitenbacher, also from ESET, shed light on Operation AkaiRyu, an attack campaign targeting diplomatic institutions. He outlined how attackers use social engineering tactics to infiltrate organizations, deploying malware capable of stealing sensitive information and enabling lateral movement within networks, thereby posing a significant risk.
Using Windows Sandbox in Attacks
Yusuke Niwa and his colleagues from Itochu Cyber & Intelligence presented research on how the MirrorFace group exploited the Windows Sandbox environment. Their analysis included signs of compromise and recommendations for forensic techniques to combat such tactics, underscoring the need to balance user convenience in system updates with adequate security measures.
In conclusion, the discussions from day two of JSAC 2025 highlighted the critical state of cybersecurity, particularly concerning phishing and ransomware. Experts shared insights on ongoing threats and the concerted collaborative effort required among organizations to reinforce defenses against evolving tactics in the cyber landscape. The next session will cover interactive workshops and Lightning Talks, further elaborating on these vital cybersecurity themes.