Asus Acknowledges, Responds to Attack but Disputes Kaspersky Numbers

From ExtremeTech: Yesterday, Kaspersky Labs broke news that Asus has been infected by malware that it unwittingly pushed out to its own customers. Asus has responded to the news and acknowledged that it was affected, but it also disputes the number of customers that actually installed infected software.

To recap: Kaspersky Labs reported that this new attack, which it named ShadowHammer, was launched in a highly targeted effort to penetrate 600 specific PCs. More than 57,000 users of Kaspersky products have installed the backdoored utility, which was distributed directly by Asus after hackers penetrated its software and made changes to it without changing the file size or triggering other company security measures. Kaspersky estimates that one million Asus customers were impacted (the attack took place between July and November 2018). Kaspersky released an estimate of the number of affected users in each country, though it notes that this distribution could be impacted by the number of Kaspersky users in each location.

Kaspersky states that the attackers used stolen digital certificates to insert malicious code into the Asus LiveUpdate system. According to Asus, only several hundred customers were impacted by these changes, a far cry from the one million systems Kaspersky estimated could be impacted. In this case, however, Asus is almost certainly either wrong or misrepresenting its own exposure to a critical and embarrassing security flaw. Symantec has independently confirmed Kaspersky’s analysis and stated that at least 13,000 of its own customers were affected by the hack. Based on the sophistication and duration of the hack, it seems incredibly unlikely that only a few hundred users were impacted, particularly given that the campaign ran for months. Asus’ full-year system sales are estimated at over 15.5 million. Its own servers were infiltrated. It was distributing the malware itself. Unless some versions of LiveUpdate were configured not to self-update, it’s not clear how people were going to avoid it.
