    How to Protect Your Enterprise PCs Against Fake Updates

    By WAYNE RASH - March 28, 2019
      Sometime between June and November 2018, ASUS computers were subjected to an attack in which users downloaded and installed a fake update that contained malware. The attackers did this by pairing old ASUS update code from 2015 with a new security certificate, and then having the Live Update software download and install it.

      Once downloaded, the malware contained in the fake update installed a back door on the system and then contacted a command-and-control server to download a second stage of the malware. The second stage was reserved for about 600 machines with specific MAC (media access control) addresses. Machines without those specific addresses got the back door, but no second stage.

      The malware was discovered by Kaspersky Labs, which named it ShadowHammer because of its relationship to an earlier attack named Shadowpad. At this point, the purpose of the second-stage malware is unknown, and the nature of the 600 machines on the hard-coded list in the software is also unknown. However, Kaspersky does suspect that the attack was carried out by nation-state actors.

      ASUS Sent a Notice to Its Users

      ASUS published a notice on the attack which describes how to tell if a specific machine has been attacked and whether it still contains the malware. The company has also provided an update to the Live Update software with better security, and has sent out updates to remove and replace the malware-laden update. If you have an ASUS computer, you should visit the ASUS site and follow the instructions about detecting and removing the problem.

      Unfortunately, ASUS was less than proactive in getting the word out to its customers that its update system had been breached. In fact, customers might never have known about the breach had Kaspersky not announced it following a long period in which ASUS failed to respond to the issue.

      No doubt ASUS will be hearing from European regulators about its failure to notify customers of the breach within the time limits set by the General Data Protection Regulation (GDPR), but that failure to deal with security problems is something of a hallmark for ASUS, which is already under sanctions by the FTC for earlier security failures.

      This particular lapse by ASUS appears to be on its way to being solved. The company has issued an update for both the affected computers and for the update software to improve security. In addition, ASUS says that it’s fixed the security problems that allowed hackers to poison its update system. One can only hope that its efforts are sufficient, but so far that’s unknown.

      The Unknown is the Biggest Problem

      The unknown is really the problem here. What do you do when you can’t completely trust the updates from the company that made your computers or your network infrastructure? And it’s important to remember that network devices ranging from Ethernet switches to printers have the ability to install updates automatically.

      The answer is that there are a few steps you can take that will help ensure that you’re getting a clean update without a malware payload:

      • Check the reputation of the vendor that you’re getting hardware and software from. If a vendor has a series of security failures, as is the case with ASUS, then consider whether there’s something unique about the product that makes it worth the risk. Note that being cheaper is not one of those unique characteristics.
      • Designate one non-production machine to receive the update first. When you get the software, inspect it using a trusted anti-malware package. Also look at the packet inspection done by your NG firewall to see if there’s any indication of a problem. Only then install the update on that device you held out, making sure it’s not connected to the company network.
      • Pay attention to error messages or other unusual activity from machines you’re updating. ShadowHammer did generate some errors, and IT managers who checked with ASUS noticed that the update they’d received didn’t appear on the list of valid updates.
      • Scan the machine after the update to see if there are traces of malware, and also look at the communications from the machine to look for communications with a command and control server. Note that the server may have a name that resembles the name of the legitimate update server. You can use the IP address of the remote destination to discover what server it is.
      • Try to receive your updates from the actual manufacturer of the device that you’re updating. Some makers, including Microsoft, may try to use a nearby machine to provide the update code, but unless that machine has adequate security, you run the risk of getting your update from a compromised machine. Note that this includes machines on your own network, unless you’re completely satisfied that your network hasn’t ever been breached and you’re certain that there are no back doors.
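The checks in the list above (confirm the package matches what the vendor published, and look at where updating machines actually connect, flagging lookalike update-server names and destinations whose IP address does not belong to the real update server) can be scripted. The following is an added example written for this article, not code from eWEEK, ASUS or Kaspersky; the vendor host name, IP ranges, digest and log lines are constructed placeholders, and the log format (timestamp, machine, destination host, destination IP) is an assumption.

```python
"""Vetting an automatic update before it reaches production machines.

Added example; the trusted host, network, and the sample log are constructed
placeholders, not the real update infrastructure of any vendor.
"""
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass

# Assumed allowlist: the host name and address range the vendor's genuine
# update server is expected to use (placeholders; TEST-NET-3 range).
TRUSTED_UPDATE_HOSTS = {"liveupdate.example-vendor.com"}
TRUSTED_UPDATE_NETS = [ipaddress.ip_network("203.0.113.0/24")]
LOOKALIKE_MAX_DISTANCE = 2


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_update_hash(data: bytes, published_sha256: str) -> bool:
    """Compare the downloaded package with the digest the vendor published
    out of band (on its website or in a signed manifest)."""
    return hmac.compare_digest(sha256_hex(data), published_sha256.lower())


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot host names that resemble the real one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_destination(host: str, ip: str) -> str:
    """trusted: known host served from its expected range.
    ip-mismatch: right name, but the address is not the vendor's (check who
    owns that IP before trusting the download).
    lookalike: name within a few edits of the real server.
    unknown: anything else the updater talked to."""
    host = host.lower().rstrip(".")
    addr = ipaddress.ip_address(ip)
    in_trusted_net = any(addr in net for net in TRUSTED_UPDATE_NETS)
    if host in TRUSTED_UPDATE_HOSTS:
        return "trusted" if in_trusted_net else "ip-mismatch"
    if any(levenshtein(host, t) <= LOOKALIKE_MAX_DISTANCE for t in TRUSTED_UPDATE_HOSTS):
        return "lookalike"
    return "unknown"


@dataclass
class Finding:
    timestamp: str
    machine: str
    host: str
    ip: str
    verdict: str


def scan_connection_log(lines):
    """Return every connection from an updating machine that is not a clean
    hit on the trusted update server."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing
        ts, machine, host, ip = parts
        verdict = classify_destination(host, ip)
        if verdict != "trusted":
            findings.append(Finding(ts, machine, host, ip, verdict))
    return findings


# Constructed sample: one clean fetch, one lookalike host, one right name on
# an address outside the vendor's range.
SAMPLE_LOG = [
    "2019-03-27T10:01:02Z pc-17 liveupdate.example-vendor.com 203.0.113.10",
    "2019-03-27T10:01:09Z pc-17 liveupdate.example-vend0r.com 198.51.100.7",
    "2019-03-27T10:02:30Z pc-22 liveupdate.example-vendor.com 198.51.100.7",
]

if __name__ == "__main__":
    for f in scan_connection_log(SAMPLE_LOG):
        print(f"{f.timestamp} {f.machine} -> {f.host} ({f.ip}): {f.verdict}")
```

Run it against the export from your firewall or proxy for the held-out test machine during the update window; a `lookalike` or `ip-mismatch` verdict is the cue to stop and find out who owns the destination before the update goes anywhere near the production network. The hash check only helps when the published digest comes from a channel other than the update mechanism itself.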

      The practice of providing automatic updates is both a convenience and a strong security benefit, because it helps IT managers make sure that their machines have current patches and updates, but it’s not foolproof. You can help make updates more secure by paying attention when they happen and by confirming that they are real, and that they’re clean, before you apply them.
