Computer manufacturers and users are definitely getting more sophisticated. Manufacturers, as well as Microsoft and Apple themselves, continue to produce more sophisticated tools to prevent hackers from gaining access to your computer. Users are getting smarter about which sites and emails they interact with, which prevents attacks. With a more sophisticated computer user must come a more sophisticated hacker, and we have definitely seen growth in that area. This week, ASUS was the target of an incredibly advanced attack, putting computer owners at risk.
According to Russian security firm Kaspersky, a supply chain attack was carried out using the ASUS Live Update Utility. Using a flaw in the utility, hackers opened a backdoor into any computer that had downloaded the tool. Kaspersky said that 57,000 of its users had downloaded the compromised tool, but that this represented only a small portion of the ASUS customer base. The firm believes that as many as a million computers may have this backdoor installed.
ShadowHammer, as the attack has been called, is certainly a sophisticated one. The software was able to bypass initial detection because it was signed using an official ASUS security certificate. For most, that would be enough to believe it is legitimate. In addition, the hackers managed to make the file exactly the same size as the original file that it replaced.
While many computers are likely compromised, it would appear that the actual usage of the exploit was incredibly targeted. It appears that only 583 MAC addresses were targeted, representing computers within large organizations. The affected computers are almost exclusively owned by ASUSTek, Intel, and AzureWave Technologies, with only 70 affected computers being owned by anyone else. That does not mean that users should not be concerned about this hack. This is not the first time that a company's update utility has been compromised, and it will not be the last.