ShadowHammer: Malicious updates for ASUS laptops

ASUS laptops

How secure are we?

There’s no such thing as foolproof system at least now a days when all threat actors are looking for means on how to manhandle security loopholes. Gone are the days when secure haven as what we think it is–say our manufactures OEM are no longer excused to all sorts of attack. In the case of Asus Live Update Utility, the actor’s utilized naïve looking utility disguises as normal supply chain software until the attack originates within the company ground. Infiltrating the organizational premise would have been much easier compared to foreground attack.

 

How clever are these attack?

Typically, attack are perpetrated straight forward, a software supply chain explores the vulnerability on vendor’s from development phase. It was believed to be laid-back as planting the bomb and leaving it dormant until the executable wreak havoc as in the case of Stuxnet worm, detection would have been strenuous initially as the actual signed and certified update package was swapped with the trojanized one. The vastness of this attack are limitless as financial institution and business are impacted heavily.

 

Dedicated attack

On the contrary, the attack is known to be focused as it targeted specific group of people the attackers are looking for. Known AV firm has the utility that can be used to catch if your MAC address was one of the deliberately hit address. Same type of distribution was incidentally noticed being identical with other vendors, however it is not confirmed which specific vendors is it aiming for, on the other hand this type of attack are becoming more prone for copy-cat following the success of this attack.

 

Countermeasures

Cybercrime solution could have been far-fetched unless security workforces are meticulously inspecting every details of their servers specially the one dedicated to public consumption as these imperil not only the server hosting the update but the one being targeted as normal AV solutions may find it difficult to spot. Accompanying with a reliable security software that does not entirely depend on policy reputation, but whitelisting policy rule would do as much along with a good Antivirus protection and VPN for added security though  ASUS Live Update is still suggested whenever necessary.

 

About the author

Leave a Reply