If you’re using Asus hardware, you’ll want to check it for malware… right now.
Hackers have managed to target hundreds of thousands, potentially millions, of Asus computer owners, according to anti-virus software gurus Kaspersky, who discovered the attack earlier this year.
The Moscow-based operation first discovered the malware in January, after hackers were able to capitalise on security flaws at the Taiwanese hardware company. It was reportedly a supply chain attack, “one of the most dangerous and effective infection vectors, increasingly exploited in advanced operations over the last few years,” according to Kaspersky.
“It targets specific weaknesses in the interconnected systems of human, organizational, material, and intellectual resources involved in the product life cycle: from initial development to the end user.”
According to Sergiu Gatlan of BleepingComputer, “a new advanced persistent threat (APT) campaign detected by Kaspersky Lab in January 2019 and estimated to have run between June and November 2018 has allegedly impacted over one-million users who have downloaded the ASUS Live Update Utility on their computers.” Vice’s Motherboard was one of the first to break the story, as well as giving it the nickname ‘ShadowHammer’.
Kaspersky has issued a statement outlining that “the actors behind ShadowHammer targeted the ASUS Live Update Utility as the initial source of the infection.”
It was almost the perfect crime, as Kaspersky outlined in their statement. “Using stolen digital certificates used by ASUS to sign legitimate binaries, the attackers have tampered older versions of ASUS software, injecting their own malicious code. Trojanized versions of the utility were signed with legitimate certificates and were hosted on and distributed from official ASUS update servers - which made them mostly invisible to the vast majority of protection solutions.”
According to Motherboard, “researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems.”
Jennifer Duffourg, a spokesperson for Symantec, another cyber security firm, confirmed the attack, saying that “based on our analysis, trojanized updates via URIs were deployed by ASUS’ live update server between June and late October 2018. These updates were digitally signed using two certificates from ASUS.”
As Wired’s Lily Hay Newman put it, “news that hackers put backdoors into thousands of Asus computers using the company’s own software update platform is a reminder of why supply-chain compromises are one of the scariest digital attacks out there.”