Asus issues patch, but questions still remain about ShadowHammer

Asus released a patch in the wake of the ShadowHammer malware attack, but despite the fix, researchers are still left wondering how the attack was carried out in the first place.

The company said its customer service has been reaching out to the affected users and providing assistance to ensure that the security risks are being removed, according to a company statement.

Asus Version 3.6.8 introduced multiple security verification mechanisms to prevent malicious manipulation from software updates or other means, implemented an enhanced end-to-end encryption mechanism, and updated and strengthened its server-to-end-user software architecture to prevent similar attacks from happening in the future.

Asus also developed an online security diagnostic tool to check for affected systems.

Despite the updates, researchers like Tim Erlin, vice president, product management and strategy at Tripwire, expressed concern about users who have already been compromised.

“Affected users need to find out whether the attackers have actually targeted them, and then they need to assess the extent of the compromise,” Erlin said.

“This attack leveraged a very broad platform, the Asus updates, but then strategically targeted a small set of those initially compromised for further attack,” he said. “The fix from Asus doesn’t help us understand who was targeted and why.”

Erlin also pointed out that we still have little information about how exactly Asus was compromised and that sharing this information would be good for the industry as a whole.

Organizations can efficiently and effectively manage these multi-faceted risks by working together on a common language and expected practices, said Mike Jordan, senior director of The Shared Assessments Program.

“Our members are discussing how to best address these threats in our working groups, especially as they pertain to Operational Technology (OT) risks to the plant floors of manufacturing, utility, and energy companies,” Jordan said. “We've found that the best way to address these kinds of third party risks is by working together with all parties, including the purchasers, the vendors, and the service providers that service and secure them.”