Sunday, March 23, 2025

Entangled in the Threads of Darkness--Quiet Invasion of the Zombie Network

Zombie networks (botnets) are networks of malware-infected PCs and IoT devices that are remotely controlled to send spam, conduct DDoS attacks, and steal personal information at the command of attackers. These infected devices are called "zombies" and are made to participate in crimes without the user's knowledge. These networks are traded in the digital underworld known as the dark web, and are often managed using highly anonymous cryptocurrencies. In Japan, the damage caused by these zombie networks is growing, resulting in serious economic losses.

As for specific damage in Japan, the National Police Agency reported more than 1,900 botnet-related unauthorized access arrests in 2020. In 2021, the General Insurance Association of Japan (GIAJ) reported that the average cyber damage loss for small and midsize companies is approximately 23 million yen, with some cases exceeding 500 million yen for large companies. Mirai temporarily paralyzed Japanese educational institutions and ISPs in 2016, while Emotet rapidly spread through the email systems of universities, local governments, and businesses, causing damage such as loss of credit information and business shutdowns.

Attackers have strong economic incentives to operate zombie networks. For example, "DDoS-as-a-Service," in which an operator carries out DDoS attacks on a customer's behalf, can earn thousands to tens of thousands of yen per hour, making botnet rentals a stable source of income. In addition, if infected terminals are used as a stepping stone for sending spam or phishing e-mails, profits of several hundred to several thousand yen per fraudulent e-mail can be expected. Furthermore, login information and credit card numbers collected through botnets are traded on the dark web for several hundred to several thousand yen per case, creating a structure in which leaked personal information itself becomes a commodity.

In Japan, as a countermeasure against such cybercrime, the government enacted the Cyber Security Basic Law and launched NOTICE, a survey of IoT devices led by the Ministry of Internal Affairs and Communications and NICT, in 2018. This initiative has identified more than 300,000 IoT devices in Japan that are being used in their default settings, and alerts have been issued through telecommunication carriers. Despite this, botnet damage remains on the decline, and ongoing countermeasures by companies and individuals are required.

Economic losses caused by zombie networks are spreading to all areas, including service outages due to DDoS attacks, business interruption due to infection, loss of trust due to information leaks, and costs associated with damage restoration and investigation. For companies that provide e-commerce sites and cloud services, in particular, such damage directly leads to a decrease in sales and suspension of contracts, and represents a long-term business risk. Defense in cyberspace is no longer a matter for a few technicians alone. We are now at a stage where it is essential to change the awareness of the entire nation, corporations, and even the general public. We may not yet be fully aware of the reality that we are being quietly invaded, entangled in a dark thread.
