Cyber Security Today, March 2, 2022 — Toyota and Aon deal with cyber attacks, updates on Axis and Nvidia attacks, and more

Toyota and Aon deal with cyber attacks, updates on Axis and Nvidia attacks, and more.

Welcome to Cyber Security Today. It’s Wednesday March 2nd. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.

Toyota continues to deal with the impact of one of the biggest supply chain attacks in the world. After one of its parts manufacturers was reportedly hit by a cyberattack Toyota had to stop operations on Tuesday at 14 plants in Japan. Reuters quoted a spokesperson for the supplier as saying it appeared to have been the victim of a cyber attack. An analyst at the SANS Institute said the incident is a lesson to firms. When reviewing incident response plans many organizations tend to focus on their own company assets being compromised. However, in today’s interconnected world it’s good practice to review the possible impacts of a successful cyber hit on partners.

Another multinational dealing with a cyber attack is insurance broker Aon. In a brief filing with the U.S. Securities and Exchange Commission it said that on February 25th it discovered a cyber incident impacting what it called “a limited number of systems.” The incident has not had a significant impact on Aon’s operations, the company said.

Here’s an update on two cyber attacks I reported in Monday’s podcast: Video surveillance systems maker Axis Communications says last month’s hack was caused by someone who was able to evade the company’s login protections against unapproved users, including multifactor authentication, to get onto the Axis network. The attacker used several combinations of social engineering to get around defences. Then they elevated their access privileges to get into the employee directory. No customer information was affected.

However, graphics card manufacturer Nvidia told Bloomberg News that a last week a hacker stole employee passwords and some proprietary product information. That data is being leaked. The Lapsus$ gang has taken credit for the attack and threatened to release the stolen data unless Nvidia removes limits on some of its graphics cards that slow down cryptocurrency mining.

How bad for business can a data breach be for a company? Consider this: Seventy-eight per cent of Canadian respondents told a survey that news of a security breach would be a consideration in their future spending with that company. Fifty-five per cent said they would stop buying from the company for at least a few months, while 23 per cent said they’d turn their backs on the firm permanently. The survey of 1,000 Canadians was done for a payments provider called PCI Pal.

Finally, whenever something is in the news scammers are quick to pounce. The latest example is the war in Ukraine. According to the Bleeping Computer news service, a number of crooks have created online fund-raising campaigns trying to get them to donate cryptocurrency to addresses that are not affiliated with the Ukrainian government. Don’t be fooled by emails, websites or texts with a Ukrainian flag or logo. The official Twitter account of Ukraine has the real cryptocurrency addresses where funds can be sent. Or donate to a recognized charity.

That’s it for now. Remember links to details about podcast stories are in the text version at ITWorldCanada.com.

You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker