Asus Acknowledges, Responds to Attack but Disputes Kaspersky Numbers
Yesterday, Kaspersky Labs broke news that Asus has been infected by malware that it unwittingly pushed out to its own customers. Asus has responded to the news and acknowledged that it was affected, but it also disputes the number of customers that actually installed infected software.
To recap: Kaspersky Labs reported that this new attack, which it named ShadowHammer, was launched in a highly targeted effort to penetrate 600 specific PCs. More than 57,000 users of Kaspersky products had installed the backdoored utility, which was distributed directly by Asus after attackers compromised its update software and modified it without changing the file size or triggering the company's other security measures. Kaspersky estimates that one million Asus customers were impacted (the attack took place between July and November 2018). Kaspersky released an estimate of the number of affected users in each country, though it notes that this distribution could be skewed by the number of Kaspersky users in each location.
Asus has released a new version of its LiveUpdate utility, 3.6.8, which closes the loophole. The company also claims to have implemented “an enhanced end-to-end encryption mechanism. At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future.”
Given the speed with which Asus deployed these fixes, it has likely been working on them for some time. The question of whether OEMs should be in the business of providing so-called “value-added” software at all is a difficult one. This is far from the first time we’ve seen evidence of major security problems these companies bake into their own laptops as a result of badly secured software. Lenovo, Dell, Samsung, and other firms have all been burned by such issues in recent years. The software world has never found a good answer to this problem. No OEM or developer is immune to the problem of broken updates, including Microsoft, which builds the underlying OS. At the same time, the ability to deliver critical security updates on an ongoing basis is recognized as one of the best ways to keep customer machines secure.
As for who the original attacker was trying to target, or where those ~600 machines are, we don’t know. This wasn’t a random attack. Someone had very specific ideas about whom they wanted to hit, and they knew the MAC addresses to target. That’s arguably the most concerning part of the entire affair. We still have no idea whether this attack actually accomplished what it set out to do, whatever that was.
If you have an Asus laptop, make sure LiveUpdate 3.6.8 is installed. Alternatively, uninstall the entire suite of whatever utilities your laptop vendor shoved onto the laptop in the first place. You’ll probably be better off.