
Maharashtra cyber police releases advisory to deal with 'ShadowHammer' malware

The advisory of the cyber police highlights that Operation ShadowHammer was a new advanced persistent threat campaign


To deal with the ShadowHammer malware attack, which has affected more than 60,000 computers and laptops of ASUSTeK Computer Inc. worldwide, the state cyber police have issued an advisory to spread awareness on how to protect devices from the malware attack. Asus devices that currently use the company's Live Update utility were said to be susceptible to backdoor intrusion between June and November 2018, and during the same period the malware attack affected a large number of users.

Online security company Kaspersky Labs, which has been investigating the attacks, has claimed that Asus Live Update, a utility which is pre-installed in most Asus computers, automatically updates certain components such as BIOS, UEFI, drivers and applications. The Live Update utility was compromised, allowing 'Operation ShadowHammer' to propagate during the said period. Kaspersky also claims that the loopholes in the software gave hackers a backdoor to users' computers.

The advisory of the cyber police highlights that Operation ShadowHammer was a new advanced persistent threat campaign which targeted users by injecting a backdoor containing a table of hard-coded MAC addresses. A MAC address helps a computer to connect to a network. The goal of the attack was to surgically target an unknown pool of users, and security experts were able to identify more than 600 MAC addresses hard-coded into the malware.

However, Asus claimed that it has come up with a fix in the form of an actual security update. The company has also claimed that only a very small number of a specific user group were found to have been targeted but, in order to prevent multiplication of the Trojan, it has updated its server-to-end-user software architecture to prevent similar attacks in future.

Speaking to DNA, cyber expert Ritesh Bhatia said, "Even the best of the antivirus could not protect the malware attack because it was a sophisticated supply chain attack. The Live Update utility which was responsible to install the necessary updates in all the devices itself was compromised. Users tend to keep their devices up to date by installing updates frequently so that the latest versions of software offer them better services. In this case, the malware made its way to millions of laptops only because the users updated their devices."

"If the first line of defence itself is compromised, all the laptops, especially those running on Windows operating system, will become more vulnerable to cyber crimes including data leaks, cyber terrorism, hacking and phishing. In a bid to educate the users, the Maharashtra cyber police have come up with an awareness initiative. So far, no cases have been reported in Mumbai," Bhatia added.
