ShadowHammer Dangers Include Update Avoidance

Published: 23/11/2024   Category: security




More fallout from the compromise of Asus's automated software update.



When a platform is attacked, there are well-practiced tools and strategies for response. When servers that provide software and firmware updates get hit, as in the recent ShadowHammer attack that hit Asus and its customers, remediation can be much more of a challenge technologically and behaviorally.
The ShadowHammer attackers used a trusted supplier — which itself was using trusted certificates for authentication — to target a relatively small number of end users. But the impact of the attack may be felt far beyond the targeted systems as customers around the world lose confidence in the software, firmware, updates, and patches provided by Asus.
Researchers at Skylight Cyber last week published a list of the roughly 600 MAC addresses targeted in the breach. Kaspersky Lab earlier had published a tool in which a specific MAC could be compared against a hidden table of addresses to see whether it was targeted in the attack.
Kaspersky's investigation identified 600 MAC addresses — a unique identifier assigned to each networked device — hard-coded into ASUS' backdoored update utility. "This indicates that the wide-reaching attack was launched for the purpose of targeting a relatively small number of very specific devices," says Mark Orlando, CTO of Cyber Protection Solutions at Raytheon.
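The check the published list enables, as an added example that is not part of the original article or of Kaspersky's tool: normalize MAC addresses from a device inventory (colon, dash, dotted and bare hex forms) and report which hosts appear on a plaintext target list. The target MACs and the inventory export below are constructed placeholders, not the real ShadowHammer values.

```python
import re

# Constructed stand-in for the published target list (placeholder values,
# not the real ShadowHammer MACs). Any of the accepted formats may appear.
TARGET_MACS_RAW = [
    "00:11:22:33:44:55",
    "AA-BB-CC-DD-EE-FF",
]

# Constructed inventory export: "hostname mac" per line (not real data).
SAMPLE_INVENTORY = """
# hostname   mac
laptop-07    00-11-22-33-44-55
laptop-08    0c:9d:92:aa:bb:cc
switch-01    aabb.ccdd.eeff
printer-2    not-a-mac
"""


def normalize_mac(mac: str) -> str:
    """Canonicalise a MAC to lower-case 'aa:bb:cc:dd:ee:ff'.

    Accepts colon, dash, Cisco dotted ('aabb.ccdd.eeff') and bare hex
    forms; raises ValueError unless exactly 12 hex digits remain.
    """
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    h = hexdigits.lower()
    return ":".join(h[i:i + 2] for i in range(0, 12, 2))


def build_target_set(raw_list):
    """Normalise every published target so lookups ignore formatting."""
    return {normalize_mac(m) for m in raw_list}


def parse_inventory(text):
    """Yield (hostname, normalised MAC); skip comments and malformed rows."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        try:
            yield parts[0], normalize_mac(parts[1])
        except ValueError:
            continue  # e.g. a device whose MAC field is garbage


def find_targeted(inventory_text, targets):
    """Return the sorted hostnames whose MAC is on the target list."""
    return sorted(h for h, mac in parse_inventory(inventory_text) if mac in targets)


if __name__ == "__main__":
    hits = find_targeted(SAMPLE_INVENTORY, build_target_set(TARGET_MACS_RAW))
    print("hosts on the target list:", hits)
```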
The small number of devices targeted in ShadowHammer is not a factor unique to the attack. "A common thread among many of these supply chain attacks is that, despite having access to a trove of compromised systems at their disposal, attackers have only targeted a smaller subset of those systems," says Satnam Narang, senior research engineer at Tenable.
In a security environment that often brings the requirement for rapid software and firmware updates to deal with zero-day or rapidly evolving threats, a breach in trust may be the most damaging of ShadowHammer's effects. "This can result in end-user skepticism about applying software updates, which often contain critical security updates that, if left unpatched, could be exploited," Narang says.
"We plainly see the need for validation of trusted-vendor channels in addition to digital signatures — which, in this case, appears to have further concealed the malicious activity by providing a false sense of integrity — not just for software and platform updates, but any trusted vendor network which has access into our environment," says Colin Little, senior threat analyst at Centripetal Networks.
That doesn't mean channels like update servers should be given network carte blanche. "Organizations should take a hard look at supply chain security, and specifically software update security, in light of this report," Orlando says.
"Because compromised updates can be digitally signed and will likely get past signature-based protection, the best defenses are a shift towards proactive analysis, e.g. threat hunting, and tougher scrutiny of third-party software," he says.