Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Asus Confirms Attack Against Update Tool That Exposed Users to Risk

    Written by

    Sean Michael Kerner
    Published March 26, 2019
    Share
    Facebook
    Twitter
    Linkedin

      Computer hardware vendor Asus publicly confirmed on March 26 that it was the victim of a breach in which attackers were able to gain access to the company’s update servers.

      With access to Asus’ servers, the attackers took aim at the Asus Live Update tool, which is used to deliver driver and firmware updates. The attackers injected Trojan code into the Asus Live Update tool and were able to deploy malware to what the company characterized as a small number of users. The updates appeared to be authentic to end users, as they were signed with legitimate Asus digital certificates.

      “A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group,” Asus wrote in a media advisory. “ASUS customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed.”

      The breach of the Asus Live Update service and the corresponding attack against users were uncovered by security firm Kaspersky Lab and publicly disclosed on March 25. Kaspersky Lab, which discovered the issue in January, has named the attack “Operation ShadowHammer.” It estimates that the attacks took place between June and November of 2018.

      “Based on our statistics, over 57,000 Kaspersky users have downloaded and installed the backdoored version of ASUS Live Update at some point in time,” Kaspersky Lab wrote in its analysis. “We are not able to calculate the total count of affected users based only on our data; however, we estimate that the real scale of the problem is much bigger and is possibly affecting over a million users worldwide.”

      An analysis by Symantec found that at least 13,000 computers received the malicious Trojanized updates from the Asus. According to Symantec, victims were found evenly around the world, with 20 percent of infections coming from organizations and 80 percent coming from consumers.

      Although the potential impact of the Asus update tool is large, Kaspersky Lab’s research found that it was in fact a highly targeted attack. Looking at the exploit code, the security firm found that there was a pool of 600 MAC addresses that were specifically targeted by the Operation ShadowHammer. A Media Access Control, or MAC, address is a unique identifier for a given piece of hardware.

      The Asus exploit fits into an emerging category of supply chain attacks, whereby attacks insert themselves into the chain to attack end users and organizations. An attack against ccCleaner’s update infrastructure in 2017, for example, infected millions of users with malicious downloads.

      Asus’ Response

      In response to the Kaspersky Lab analysis, Asus said it released a new version of its Live Update software, with the 3.6.8 update. As part of the 3.6.8 update, Asus stated that it also “introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism.”

      “At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future,” the company stated.

      Asus has also released a diagnostic tool to assist users in identifying whether they have been impacted and released new guidance to help users make sure they are running the latest version of Asus Live Update. 

      While Asus has responded to the attack, there are still more details and perhaps victims that have yet to be publicly disclosed. Kaspersky Lab stated that the full investigation is still in progress and it plans to release additional details on April 8, during its SAS 2019 Conference in Singapore.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and writer for several leading IT business web sites.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×