In March 2019, researchers disclosed that Asus's own update servers had, for months during 2018, served a trojanized build of the Asus Live Update utility. Users' systems are generally set to accept these updates when they are legitimate, and why wouldn't they? They arrive signed with the vendor's code-signing certificate. The malware introduced in this case, known as ShadowHammer, was signed with a genuine Asus certificate, so every computer that checked the signature concluded the update was real. A signature proves who signed a file, not that the build behind it was clean.
The Goal Of The Cyberattack
One of the first objectives for researchers dissecting a cyberattack is to identify the goal of the intrusion. The endgame of the Asus attack remains unknown. What is known is that the initial malware was not the worst of the damage: ShadowHammer downloaded a second-stage payload, but only onto select machines. The first stage compared the MAC addresses of the host's network adapters against a hard-coded list of targets and proceeded only on a match; on every other machine it stayed dormant.
This is a chain of events that consumers could neither stop nor even learn about at the time. Critics described Asus's response as cold and evasive. Communication to affected users was sparse and delayed, even though Asus had been notified of the compromise roughly two months before it became public.
Nobody warned consumers; nobody built any defenses. Asus let it happen to its customers. The scariest part is that while most users never received the second stage, because their MAC addresses were not on the target list and the implant went dormant after the Live Update download, Asus had no way of knowing that would be the outcome.
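The selective targeting described above is also what a responder has to check for after disclosure: does any adapter on this host match the hashed target list? The script below is an added example, not the article's or any vendor's tool. The digest algorithm (MD5 of the lowercase, colon-separated MAC string), the indicator entries and the `ip link` / `ipconfig /all` samples are all constructed for this example and are not the real ShadowHammer target list.

```python
"""Triage a host against a hashed MAC-address target list.

Added example, not the article's or any vendor's tool. The digest
algorithm (MD5 of the lowercase, colon-separated MAC string) and every
indicator below are assumptions constructed for this example, not the
real ShadowHammer target list.
"""
import hashlib
import re
from typing import Iterable, List, Set

# Matches colon- or dash-separated 48-bit MACs as printed by `ip link`
# and `ipconfig /all`; normalize_mac() handles the other notations.
_MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\b")
_IGNORED = {"00:00:00:00:00:00", "ff:ff:ff:ff:ff:ff"}  # loopback / broadcast


def normalize_mac(mac: str) -> str:
    """Return 'aa:bb:cc:dd:ee:ff' for colon, dash, Cisco dotted or bare hex input."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def mac_digest(mac: str) -> str:
    """Digest as assumed for the target list: MD5 of the normalized string."""
    return hashlib.md5(normalize_mac(mac).encode("ascii")).hexdigest()


def extract_macs(tool_output: str) -> List[str]:
    """Pull hardware addresses out of `ip link` or `ipconfig /all` text,
    dropping loopback/broadcast placeholders and duplicates, in order."""
    found: List[str] = []
    for raw in _MAC_RE.findall(tool_output):
        mac = normalize_mac(raw)
        if mac not in _IGNORED and mac not in found:
            found.append(mac)
    return found


def targeted_macs(host_macs: Iterable[str], target_digests: Set[str]) -> List[str]:
    """Adapters on this host whose digest appears in the target list."""
    return [normalize_mac(m) for m in host_macs if mac_digest(m) in target_digests]


# Constructed indicator list. A real one arrives as digests only; the
# plaintext here exists so the example is self-contained.
TARGET_DIGESTS: Set[str] = {mac_digest(m) for m in ("00:11:22:33:44:55", "0c:9d:92:00:00:01")}

# Constructed `ip link` output from a host with one targeted adapter.
SAMPLE_IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
    link/ether 66:77:88:99:aa:bb brd ff:ff:ff:ff:ff:ff
"""

# Constructed `ipconfig /all` fragment from a host that is not targeted.
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:
   Description . . . . . . . . . . . : Intel(R) Ethernet Connection
   Physical Address. . . . . . . . . : 0C-9D-92-AA-BB-CC
"""

if __name__ == "__main__":
    for name, output in (("linux-host", SAMPLE_IP_LINK), ("windows-host", SAMPLE_IPCONFIG)):
        hits = targeted_macs(extract_macs(output), TARGET_DIGESTS)
        print(f"{name}: {'TARGETED ' + ', '.join(hits) if hits else 'not on target list'}")
```

Hashing the targets hides them from a casual reader of the binary, but not from an analyst: a MAC is 48 bits, the first 24 are a public vendor prefix, and hashing the remaining 16 million candidates per prefix is cheap. The normalization step matters because the same adapter prints as `00-11-22-33-44-55` on Windows and `00:11:22:33:44:55` on Linux, and a digest computed over the wrong string form silently matches nothing.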
Dangers of Financial Malware
Financial gain is often the objective of malware and ransomware, as the trend in recent years shows. People, whether for personal or professional use, store credit card numbers, bank routing information, Social Security numbers, family names and full addresses on their computers. Users were left exposed to exactly that kind of loss.
Even the most advanced user would have had trouble avoiding this pitfall, since the update carried a valid signature and passed the checks that existing security measures rely on. So what can businesses do to protect themselves? One viable option is to turn to the patch management services of a managed IT service provider.
Patch management is the management of software updates in IT environments: monitoring the updates vendors release, ranking them by urgency, deciding which are needed and which can be ignored, testing them in a controlled environment for bugs and security concerns, and deploying them live only afterwards, under a policy that minimizes risk to the environment as a whole.
An MSP Could Provide Some Relief
Now envision the same scenario with an MSP monitoring your systems and updates. This time, when Asus publishes a critical update, the MSP pushes it first to a small test group of machines and watches how they behave before letting it through to the rest of the fleet. If Asus then announced a day later that the update was a cyberattack, the damage would be limited to the test group. The caveat is that this only works if the problem surfaces during the test window: ShadowHammer ran undetected for months, so the test group has to be actively monitored for unexpected behaviour, such as new outbound connections or new executables, not simply left to wait.
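The staged deployment described in the patch-management paragraph and the scenario just above can be written down as a small rollout gate. The code below is an added example, not the article's or any MSP's product: ring sizes, soak periods, the fleet, the placeholder digest and the timeline are all constructed. It shows the two controls that bound the blast radius: an update opens to a ring only after the previous ring has soaked without incident, and every ring installs the exact artifact that was tested rather than whatever the vendor serves today.

```python
"""Ring-based rollout gate for vendor updates.

Added example, not the article's or any MSP's code. Ring sizes, soak
periods, the fleet and the timeline are constructed for illustration.
"""
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional, Set

RINGS = ("canary", "pilot", "broad")                   # promotion order
RING_SHARE = {"canary": 2, "pilot": 10, "broad": 88}   # percent of fleet (assumed)
SOAK = {"canary": timedelta(hours=72), "pilot": timedelta(hours=72)}  # assumed

T0 = datetime(2019, 1, 1, 9, 0)   # constructed start of the rollout


def at(hours: float) -> datetime:
    """Timestamp `hours` after the rollout started (keeps the scenario readable)."""
    return T0 + timedelta(hours=hours)


def ring_for(hostname: str) -> str:
    """Stable ring membership from a hash of the hostname: the same machines
    are always the canaries, so their normal behaviour can be baselined."""
    bucket = int(hashlib.sha256(hostname.encode()).hexdigest(), 16) % 100
    edge = 0
    for ring in RINGS:
        edge += RING_SHARE[ring]
        if bucket < edge:
            return ring
    return RINGS[-1]


@dataclass
class Rollout:
    vendor: str
    version: str
    sha256: str                      # digest of the artifact that was tested
    stage_started: datetime
    stage: int = 0                   # index into RINGS currently open
    halted: Optional[str] = None     # reason, once halted
    applied: Set[str] = field(default_factory=set)

    def install(self, hostname: str, artifact_sha256: str) -> bool:
        """Install only the tested artifact, only on hosts whose ring is open."""
        if self.halted or artifact_sha256 != self.sha256:
            return False
        if RINGS.index(ring_for(hostname)) > self.stage:
            return False
        self.applied.add(hostname)
        return True

    def promote(self, now: datetime, healthy: bool) -> bool:
        """Open the next ring only after the current one has soaked without incident."""
        if self.halted or self.stage >= len(RINGS) - 1:
            return False
        if not healthy:
            self.halt("health check failed during soak")
            return False
        if now - self.stage_started < SOAK[RINGS[self.stage]]:
            return False
        self.stage += 1
        self.stage_started = now
        return True

    def halt(self, reason: str) -> None:
        self.halted = reason


FLEET = [f"ws-{i:04d}" for i in range(1000)]          # constructed fleet
TESTED_SHA256 = "a" * 64                               # placeholder digest


def exposure_if_disclosed_after_one_day(fleet) -> Set[str]:
    """Scenario from the text: the vendor publishes, every host asks for the
    update on day 0, the vendor discloses a compromise on day 1, and the
    rollout is halted before the canary soak period ends."""
    rollout = Rollout("Asus", "Live Update", TESTED_SHA256, stage_started=T0)
    for host in fleet:
        rollout.install(host, TESTED_SHA256)               # day 0: canaries only
    rollout.halt("vendor disclosed a compromised update")  # day 1
    rollout.promote(at(72), healthy=True)                  # day 3: refused, halted
    for host in fleet:
        rollout.install(host, TESTED_SHA256)               # nobody else gets it
    return set(rollout.applied)


if __name__ == "__main__":
    exposed = exposure_if_disclosed_after_one_day(FLEET)
    rings = {ring_for(h) for h in exposed}
    print(f"{len(exposed)} of {len(FLEET)} hosts exposed, all in ring(s) {rings}")
```

Two design choices carry the security value. The digest check means the broad ring deploys the bytes that sat in the test ring, so a vendor feed that changes under you between test and production is refused rather than installed. And `promote()` is the only path that widens exposure, so whatever monitoring the MSP attaches to the canary ring (new outbound destinations, unexpected child processes, unsigned binaries appearing) has a single gate to veto; without that monitoring, a long-lived silent implant passes the soak period just as easily as a clean update.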
This is really about the updates, not the manufacturer that was attacked. Hackers hack; that is what they do. Researchers did eventually catch ShadowHammer, but that will not always happen in time, and prior warning should not be the prerequisite for protecting you and your business's IT. Smart deployment is.