Affected users need to find out whether the attackers have actually targeted them, and then they need to assess the extent of the compromise. “While Asus may have released a fix, if you’ve already been compromised that might not be enough. Tim Erlin, VP of Product Management and Strategy at Tripwire: “Rather than trying to identify attackers by their fingerprints, companies need to look at multiple characteristics of an attack – analysing network traffic to detect unusual behaviour and eliminating these threats before they wreak havoc within an organisation. That’s why organisations need a multi-layered strategy to prevent data loss and unauthorised data collection and profiling. Cyber-attacks are increasingly using fileless based techniques that leave no trace on the device. The ASUS malware attack clearly demonstrates that the threat landscape we see today is infinitely more sophisticated than just a few years ago, with trusted vendors becoming unwitting perpetrators. It’s imperative for organizations to know what code-signing certificates they have in use and where, especially as it’s likely we’ll see similar attacks in the future.”ĭr Darren Williams, CEO and Founder at BlackFog:
#Asus live update hack code
In fact, most security teams aren’t even aware if their developers are using code signing or who may have access to the code signing process. Unfortunately, in many organizations the protection of code signing processes falls mostly to developers who are not prepared to defend these assets. With a code signing certificate, attackers can make their malware seem trustworthy and evade threat protection systems. However, cyber criminals see code signing certificates as a valuable target due to their extreme power. Nearly every operating system is dependent on code signing, and we will see many more certificates in the near future due to the rise of mobile apps, DevOps and IoT devices. “Code signing certificates are used to establish which updates and machines should be trusted, and they are in the applications that power cars, laptops, planes and more. Kevin Bocek, VP Security Strategy and Threat Intelligence at Venafi: By working together on a common language and expected practices, organizations can efficiently and effectively manage these multi-faceted risks.” We’ve found that the best way to address these kinds of third party risks is by working together with all parties, including the purchasers, the vendors, and the service providers that service and secure them.
#Asus live update hack how to
“Our members are discussing how to best address these threats in our working groups, especially as they pertain to Operational Technology (OT) risks to the plant floors of manufacturing, utility, and energy companies.
#Asus live update hack update
It’s becoming increasingly important that companies add reviews of their third party software vendors’ software update mechanisms as part of their due diligence procedures. This is a very similar method that the NotPetya malware used to cause over a billion dollars in costs and counting by hacking a third party’s software. “Supply chain cybersecurity threats from software update mechanisms can be particularly devastating. Mike Jordan, CISSP, CRISC, CTPRP, Senior Director at The Shared Assessments Program: Removing the block is not difficult and can be accomplished quickly, better to be safe than have the network and data compromised which would be more of a consequence than blocking.” “While many organizations debate whether to block or not due to interruption of the business process, it should be best practice to block. The world is lucky there was not a cyber weapon involved in the ASUS backdoor, such as with the NotPetya example. “When we consider this history, we plainly see the need for validation of trusted-vendor channels in addition to digital signatures (which, in this case, appears to have further concealed the malicious activity by providing a false sense of integrity) – not just for software and platform updates, but any “trusted” vendor network which has access into our environment requires validation above and beyond what the current offerings are. For example, the NotPetya cyber weapon, which was unleashed on the Ukraine in 2017, used the same distribution vector from a popular accounting software provider (ref ). “The ASUS backdoor exposes a trusted-vendor’s channel compromise distribution vector, which has historically caused damage world-wide. PC giant Asus fell prey to elaborate 2018 attack, Kaspersky says Ĭolin Little, Senior Threat Analyst at Centripetal Networks: Reports from Kaspersky Lab researchers found out that computer giant ASUS installed a malicious backdoor last year on thousands of users’ computers after a server for its live software updates was hacked, and issued legitimate ASUS digital certificates with bogus software updates.
0 kommentar(er)
