NTT Com Confirms Possible Information Leak Due To Unauthorized Access

  • aster.cloud
  • July 3, 2020

NTT Communications Corporation (NTT Com), the ICT solutions and international communications business within the NTT Group, announced today the results of its investigation regarding the possible information leak due to unauthorized access that the company announced in Japanese on May 28. NTT Com sincerely apologizes to all concerned for any inconvenience or concern caused by the possible information leak.

NTT Com announced on May 28 that some information—although no information on consumer customers—was possibly leaked externally on May 11 due to unauthorized access to NTT Com facilities by attackers on May 7. The internal investigation has determined that information may have been leaked from the construction information management server in Japan that the company uses to manage its Biz Hosting Enterprise (BHE)[1] and Enterprise Cloud (ECL) Option Services[2] as well as from the server group (“internal servers”) used for internal operations of NTT Com.

1. Unauthorized access to construction information management server of BHE/ECL

Based on a log showing unauthorized access to the construction information management server (“Server C” in diagram) used for BHE and ECL Option Services, the company conducted a forensic investigation[3] of its Active Directory[4] operation server (“Server A” in diagram), the operation server for BHE/ECL service management (“Server B” in diagram) and Server C used for BHE/ECL service management. As a result, it was determined on June 19 that service-related construction information on 83 clients—separate from the 621 clients announced on May 28—may have been leaked from the construction information management server in the service management segment in Japan, which is isolated from the BHE/ECL client network segment. NTT Com has started contacting these additional 83 clients.

All of the affected clients outside of Japan who were or are using these services in Japan have been notified individually since the last announcement on May 28.

There has been no effect on service availability or the quality of cloud services, including services provided outside of Japan. Information on consumer customers was not affected.

2. Unauthorized access to internal file servers

Regarding NTT Com’s investigation into unauthorized remote operation of the company’s internal servers, as announced on May 28, further investigation concluded on June 2 that information in some internal files was possibly leaked. NTT Com has contacted clients in Japan that were possibly affected. No clients outside of Japan were affected. Information on consumer customers was not affected.

It was newly discovered on May 26 that certain internal file servers were possibly accessed via the virtual desktop infrastructure (VDI)[5] server and that internal files may have been browsed. On the same day, after identifying that a personal bring-your-own device (BYOD)[6] had been used remotely to gain unauthorized access, NTT Com immediately shut down the remote access environment for all such devices as well as devices dedicated to thin clients, and changed the passwords for all employees. In addition, NTT Com strengthened remote-access authentication and monitoring. Thereafter, no unauthorized use of employee accounts has been identified.

Although extra time was required to identify which information the attackers may have browsed because a legitimate account and password were possibly stolen, the forensic investigation and analysis of the access history of internal file servers has now revealed that 188 clients may have been affected. NTT Com is in the process of contacting all of these clients. No clients outside of Japan were affected. Information on consumer customers was not affected.

Diagram of the event

3. Future measures

NTT Com is introducing measures to quickly recover any server in the event of a spoofing attack, which required extra time to assess in the recent case. These include the deployment of User and Entity Behavior Analytics (UEBA)[7], which speeds up detection by visualizing the behavior of an attacker who uses a legitimate account and password after breaching the server. Also, NTT Com is working to prevent any recurrence by introducing Endpoint Detection and Response[8] technology to strengthen endpoint security and by accelerating security measures based on a Zero Trust policy[9].

In addition to reviewing the structure of information management in internal file servers, service quality is being further improved by strengthening the role of the Red Team[10] in verifying security-measure effectiveness, and by continuously implementing Threat-Led Penetration Testing (TLPT)[11] for internal IT and operational technologies[12].

Hereafter, any additional relevant information will be disclosed as required, excluding information on individual clients to protect their confidentiality.

Background

Summary of press release issued in Japanese on May 28

NTT Com’s department in charge of internal systems detected unauthorized remote operation of the company’s Active Directory (AD) server in a log on May 7. On the same day, the department quickly shut down the AD operation server (“Server A”) that was used by the attacker as a springboard server to enable remote operation. NTT Com immediately launched an investigation, based on which the operation server (“Server B”) for BHE/ECL service management, from which Server A was accessed, was immediately shut down and all external communication from the AD server of the internal segment was blocked. Communication with external sites that the attacker used to communicate with malware was also blocked.

After analyzing the access logs of the internal servers, it was discovered on May 11 that some information may have been leaked. Since the route used for unauthorized access was via Server B, a forensic investigation of Server B was conducted. The results showed evidence of unauthorized access to the construction information management server (“Server C”) used for BHE/ECL service management. After analyzing Server C’s access log, it was determined on May 13 that some files stored on Server C may have been leaked.

As a result of investigating the attackers’ route, it was found that the intrusion reached Server B in Japan following unauthorized access to a site in Singapore that is connected to BHE/ECL service management.

In summary, it has been determined that service-related construction information pertaining to 621 clients may have been leaked from the construction information management server (Server C) in the service management segment in Japan, which is isolated from the BHE/ECL client network segment. Going forward, security measures designed for the latest attack methods will be deployed at facilities that are being transitioned to new services, until they are physically removed. Also, every effort will be taken to block all communication channels that become unnecessary whenever clients stop using them.

[1] Biz Hosting Enterprise is a cloud service for enterprise ICT infrastructure. With the exception of certain optional services, it was terminated in March 2018.

[2] ECL Option Services include managed option, collocation interconnectivity, and provisioning support.

[3] Forensic investigation (digital forensics) is a technology and method to investigate electronic trails, such as access logs left in personal computers, communication devices and other electronic devices, related to cyberattacks and similar crimes. It is also used to preserve evidence and analyze possible damage.

[4] Active Directory is a feature that Windows Server provides to manage Windows PC features and user information.

[5] Virtual Desktop Infrastructure (VDI) is a mechanism that virtualizes the desktop environment, aggregates the PC desktop environment on the server, and runs it on the server.

[6] Bring Your Own Device (BYOD) is a policy for using employees’ private devices for business.

[7] User and Entity Behavior Analytics (UEBA) is a technology that analyzes user behavior for early-stage detection of risks.

[8] Endpoint Detection and Response (EDR) is a technology that monitors and responds to suspicious behavior on a PC or server (endpoint).

[9] Zero Trust is a concept of information security that assumes nothing inside or outside a company can be trusted, instead of protecting only boundaries under the assumption that within the company is safe.

[10] Red Team is an independent team within a company that executes pseudo attacks to evaluate and propose security measures.

[11] Threat-Led Penetration Testing (TLPT) refers to pseudo attacks based on fixed scenarios for evaluating the status of security measures.

[12] Operational technologies include control and/or monitoring of industrial equipment that is used to optimize systems for essential infrastructure, such as electrical power grids.

About NTT Communications

NTT Communications solves the world’s technology challenges by helping enterprises overcome complexity and risk in their ICT environments with managed IT infrastructure solutions. These solutions are backed by our worldwide infrastructure, including industry-leading, global tier-1 public and private networks reaching over 190 countries/regions, and more than 500,000 m² of the world’s most advanced data center facilities. Our global professional services teams provide consultation and architecture for the resiliency and security required for your business success, and our scale and global capabilities in the technology world are unsurpassed. Combined with NTT Ltd., NTT Data, and NTT DOCOMO, we are NTT Group.
www.ntt.com | Twitter@NTT Com | Facebook@NTT Com | LinkedIn@NTT Com

