Netizen Corporation Cybersecurity Bulletin (April 3rd, 2019)

Overview

  • Phish Tale of the Week
  • Toyota Japan suffers Data Breach
  • ASUS Accidentally Distributes Malware to Users
  • How Can Netizen Help?

Phish Tale of the Week

Hackers are always looking for new avenues to exploit people’s inherent trust in others. The following email was received in our office this past week:

Attached to this email was a file that appeared to contain a voicemail message, but was actually a link to an executable that would have spread malware. Corporate environments using Microsoft Office 365 can modify their mail flow to flag messages that originate outside the organization, which can help identify suspect emails. In the example shown, the word [EXTERNAL] appears in the subject line, drawing the reader’s attention to messages sent to them from outside the company.

How this Phish was identified:

  • Unusual email addresses in the heading: in this case, the address is an external address, not the corporate address, and is very long. 
  • An unusual phone number that is unrecognized.
  • Unprofessional formatting in the design of the email suggests tampering or a false template.

This kind of phishing email relies on an individual’s daily routine to check their emails and voice messages.
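The sender and attachment indicators listed above, together with the [EXTERNAL] subject tag, expressed as a triage check. This is an added example, not part of the original bulletin or any Netizen tooling; the domain `example.com`, the 40-character address threshold, the extension list and the sample message are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: the organization's own mail domain
MAX_ADDR_LEN = 40           # assumption: cut-off for a "very long" address
EXE_LINK = re.compile(r"https?://\S+?\.(?:exe|scr|msi)\b", re.I)  # assumed list

def triage(raw):
    """Return (subject, findings) for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")
    addr = parseaddr(str(msg["From"] or ""))[1].lower()
    findings = []
    if not addr.endswith("@" + ORG_DOMAIN):
        findings.append("external-sender")
        if not subject.startswith("[EXTERNAL]"):  # do not stack tags on replies
            subject = "[EXTERNAL] " + subject
    if len(addr) > MAX_ADDR_LEN:
        findings.append("long-address")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        # Named like a voicemail but not actually audio content.
        if "voice" in name and part.get_content_maintype() != "audio":
            findings.append("disguised-attachment")
        # A text/HTML attachment that only links out to an executable.
        if part.get_content_maintype() == "text" and EXE_LINK.search(part.get_content()):
            findings.append("link-to-executable")
    return subject, findings

def sample_phish():
    """Constructed message modelled on the bulletin's description."""
    m = EmailMessage()
    m["From"] = "Voice Mail <voicemail-delivery-notification-7731@mail-relay.invalid>"
    m["To"] = "user@example.com"
    m["Subject"] = "New voice message from 555-0100"
    m.set_content("You have a new voice message.")
    m.add_attachment('<a href="http://files.invalid/play/message.exe">Play</a>',
                     subtype="html", filename="voicemail_0403.html")
    return m.as_string()

if __name__ == "__main__":
    print(triage(sample_phish()))
```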

General Recommendations:

A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers. A legitimate company already has this sensitive information and would not ask for it again, especially via email. 

  • Scrutinize your emails before clicking anything. Did you order or ask for anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
  • Verify that the sender is actually from the company sending the message.
  • Did you receive a message or email from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email. This is a huge red flag.
  • Do not give out personal or company information.
  • Review both signature and salutation.
  • Do not click on attachments.
  • Do not click on unrecognized links. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
  • Be wary of poor spelling, grammar, and formatting. As can be seen with this email, there are multiple spelling, grammar, and formatting errors, leading us to believe that the message is illegitimate. If an email is visually unprofessional, the sender is likely not who they say they are.

Many phishing emails create a sense of urgency or even aggressiveness in order to intimidate the reader. Any email requesting immediate action or addressing you in a threatening manner should be treated as suspect. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Staff Pay Raises 2018” may seem like something you really want to know about, but it could just be a ploy to plant malware on your system or steal your credentials.

Cybersecurity Brief

In this week’s cybersecurity brief: Car Manufacturing Giant Suffers Massive Data Breach, ASUS May Have Accidentally Pushed a Virus to Users

Toyota Japan Suffers Massive Data Breach

Japanese car manufacturer Toyota has announced that some of its sales subsidiaries (Toyota Tokyo Sales Holdings, Tokyo Motor, Lexus Koishikawa Sales, Toyota West Tokyo Corolla) have been compromised in a cybersecurity incident that has exposed the sales information of 3.1 million customers in Japan. This is the second such breach that the car manufacturing giant has suffered in the last two months, the first impacting the company’s branch in Australia. The hackers breached Toyota’s IT systems and gained unauthorized access to servers. Fortunately, no financial information was stored on the affected servers.

An official Toyota spokesperson released the following statement regarding the incident: “We apologize to everyone who has been using Toyota and Lexus vehicles for the great concern. We take this situation seriously, and will thoroughly implement information security measures at dealers and the entire Toyota Group.” The car manufacturer is conducting investigations on the incident and plans to implement information security measures to avoid future breaches. 

Interestingly enough, Toyota Vietnam has just announced that a similar cybersecurity incident has occurred on the same day that Toyota Japan disclosed information about their breach. 

To read more about the Toyota breach, click here.

ASUS Computers Accidentally Distributed Malware to Users


According to a recent investigation by Kaspersky Lab, Taiwanese computer maker ASUS may have pushed out a malware-infected update to more than 1 million users. The malware was reportedly delivered through the legitimate software updates that ASUS issues. Reportedly, the hackers, believed to be a hacking group called “Barium”, managed to infiltrate the auto-update servers used by ASUS to mask their malware and pass it off as a software update. The auto-update utility is a pre-installed feature on most ASUS devices and is used to automatically update applications, software drivers, firmware, and other components.

This kind of attack is known as a “supply chain attack”. A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less-secure elements in the supply network, in this instance the ASUS auto-update servers.

What does this mean for you?

Business Owners: The hacking group did not have much interest in exploiting all of the affected users. As a matter of fact, the hacking group seems to have only targeted a very specific list of some 600 MAC addresses, which appear to be the real targets of the attack. As a precaution, organizations must update their threat models to include signed updates from trusted sources, and must not exclude those updates from security monitoring and other detection mechanisms. Additionally, it is highly recommended that organizations implement ongoing monitoring for real-time detection of potential threats.

Consumers: Install the newest version of Live Update software and enforce multi-factor authentication whenever possible. 

To read the original article by DarkReading, click here.



How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service”, wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.


Netizen is an ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

Copyright © 2019 Netizen Corporation. All rights reserved.
