Kaspersky Lab has released data on an extremely dangerous "silent" attack, which affected about a million computers manufactured by Asus. Technically, this is a common backdoor, but the real problem is the mechanism of its distribution. Therefore, it is not very surprising that the Taiwanese company itself remains unsettlingly silent - the discovery casts a shadow on the entire network security industry.
Some hackers were able to modify the Asus Live Update utility hosted on Asus backend systems, and made sure to sign it with the manufacturer's official security certificate. Since update utilities run by default on all computers, the backdoor was installed there unnoticed, both by the owners themselves and by any security systems. Kaspersky Lab reported that it found 57,000 infected computers, which, when extrapolated from the data, gives about a million attacked machines worldwide.
In addition to Asus, malware was found in the firmware of three other manufacturers that have not yet been named. Following the Russians, Symantec also found the backdoor, and it has already been given the name "ShadowHammer". The most annoying thing here is that the source files were hosted on the official servers liveupdate01s.asus[.]com and liveupdate01.asus[.]com. This is an extremely dangerous scenario: in search of protection, users download updates from companies' servers, but a malicious element is already embedded in the file delivery chain.
It is entirely possible that the true target of the unknown villains was the habits of users, and not the computers themselves. After all, if people lose faith in information security tools and stop using them, they will be extremely vulnerable. And vulnerabilities that need to be closed with updates will always appear.