Trusted Internet Blog

Thoughts, Guidance, Musings

ASUS Computers with Factory Installed Backdoors? No way!

Posted by Jeff Stutzman, Chief Information Security Officer | Mar 26, 2019 3:45:03 PM

Kaspersky reported today that ASUS computers were pushed out of the factory with malware (a backdoor) installed. Should you care? Maybe. 

If you're a small business (I consider small anything between 1 and 500 employees), there's a real chance you don't have a dedicated security team. There's a stronger chance that you do not have an internal cyber-intelligence team.  Lastly, there's an even a bigger chance that you really don't care about ASUS computers showing up in your company with malware installed.   

Wait What?!     Now there's computers that come with pre-installed malware?  Right out of the box?        

Yes, indeed some do  

In this case, attackers hitched a ride via an official software update to exploit specific systems after being  individually identified and targeted by  MAC address.  This  motherboard article from March, 25 2019 suggests that approximately 13,000 Symantec customers were infected. 

This shouldn't come as a surprise in a day in time when pretty much every day there's another major breach of data , backdoor vulnerability identified, or substantial loss of intellectual property? It should matter.  Small manufacturers and anyone in the Healthcare industry likely already have enough money in the budget that can keep this from happening, yet may lack the know-how.

Worried about this or something like it? Call us.

Tech Times recently named Trusted Internet as number one in the Top Five Small Business Managed Security Service Providers for 2019. Why? We take a personalized approach to working with small companies.  See how we can protect yours today.

 

Topics: Insider, Network Security, Information Security, botnet, ceo, trojan

Written by Jeff Stutzman, Chief Information Security Officer

Jeff Stutzman Chief Intelligence Officer, Wapack Labs Chief Information Security Officer, Trusted Internet Wapack Labs is a private cyber intelligence organization that performs research, analysis, and intelligence operations. The Lab authors cyber threat intelligence and analysis for the global memberships of the Red Sky Alliance, the Financial Services ISAC and the Maritime and Port Security ISAO. Prior to Wapack Labs, Mr. Stutzman served as a Director at the DoD Cyber Crime Center (DC3). Mr. Stutzman has ‘boots on the ground’ experience in more than two dozen high-risk cyber threat areas including China, Brazil, the Middle East, and South America. Mr. Stutzman has held operational and senior positions with Cisco Systems, Northrop Grumman, Carnegie Mellon University, the DoD Cyber Crime Center and is a former Navy Intelligence Officer. He has been cited in the Wall Street Journal, Wired Magazine, NH Public Radio, and numerous trade publications. He holds a BS from Excelsior College, an MBA from Worcester Polytechnic Institute, and is a Harvard Kennedy School Senior Executive Fellow.