Kaspersky Lab has uncovered a new advanced persistent threat (APT) campaign that has affected a large number of users through what is known as a supply chain attack. Its research found that threat actors behind Operation ShadowHammer have targeted users of the ASUS Live Update Utility, by injecting a backdoor into it at least between June and November 2018. Kaspersky Lab experts estimate that the attack may have affected more than a million users worldwide.
A supply chain attack is one of the most dangerous and effective infection vectors, increasingly exploited in advanced operations over the last few years – as we have seen with ShadowPad or CCleaner. It targets specific weaknesses in the interconnected systems of human, organisational, material, and intellectual resources involved in the product life cycle: from initial development stage through to the end user. While a vendor’s infrastructure can be secure, there could be vulnerabilities in its providers’ facilities that would sabotage the supply chain, leading to a devastating and unexpected data breach.
The actors behind ShadowHammer targeted the ASUS Live Update Utility as the initial source of infection. This is a pre-installed utility in most new ASUS computers, for automatic BIOS, UEFI, driver and application updates. Using stolen digital certificates used by ASUS to sign legitimate binaries, the attackers tampered with older versions of ASUS software, injecting their own malicious code. Trojanized versions of the utility were signed with legitimate certificates and were hosted on and distributed from official ASUS update servers – which made them mostly invisible to the vast majority of protection solutions.
While this means that potentially every user of the affected software could have become a victim, the actors behind ShadowHammer were focused on gaining access to several hundred users about whom they had prior knowledge. As Kaspersky Lab’s researchers discovered, each backdoor code contained a table of hardcoded MAC addresses – the unique identifier of network adapters used to connect a computer to a network.
Once running on a victim’s device, the backdoor verified its MAC address against this table. If the MAC address matched one of the entries, the malware downloaded the next stage of malicious code. Otherwise, the infiltrated updater did not show any network activity, which is why it remained undiscovered for such a long time. In total, security experts were able to identify more than 600 MAC addresses. These were targeted by over 230 unique backdoored samples with different shellcodes.
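Because targeting was keyed on MAC addresses, a defender holding a list of targeted addresses can check an asset inventory against it. The following is an added example, not code from Kaspersky Lab or from the original article; it assumes the list is available as plain MAC addresses, and every address and hostname in it is constructed.

```python
import re

# Constructed sample values: these are NOT real ShadowHammer indicators.
TARGETED_MACS = ["00:11:22:AA:BB:CC", "0011.22dd.eeff"]

# Constructed asset inventory: hostname -> adapter MACs in mixed notations.
INVENTORY = {
    "ws-finance-01": ["00-11-22-aa-bb-cc", "02:00:00:00:00:01"],
    "ws-dev-07": ["3c:52:82:10:20:30"],
    "lt-exec-03": ["0011.22DD.EEFF", "not-a-mac"],
}


def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if raw is not a MAC address."""
    digits = re.sub(r"[:\-.\s]", "", raw).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def find_targeted_hosts(inventory, targeted):
    """Map hostname -> sorted adapters (normalized) found in the target list."""
    wanted = {m for m in map(normalize_mac, targeted) if m}
    hits = {}
    for host, macs in inventory.items():
        matched = sorted({n for n in map(normalize_mac, macs) if n in wanted})
        if matched:
            hits[host] = matched
    return hits


def unparsable_entries(inventory):
    """List (hostname, raw value) pairs that could not be checked at all."""
    return [(host, raw) for host, macs in inventory.items()
            for raw in macs if normalize_mac(raw) is None]


if __name__ == "__main__":
    for host, macs in find_targeted_hosts(INVENTORY, TARGETED_MACS).items():
        print(f"TARGETED  {host}: {', '.join(macs)}")
    for host, raw in unparsable_entries(INVENTORY):
        print(f"UNCHECKED {host}: {raw!r} is not a valid MAC address")
```

A match marks a host on which the backdoor would have gone on to download the next stage, so it is a priority for incident response. Hosts without a match that ran a trojanized updater still carried the backdoor, which simply stayed silent on the network.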
The modular approach and the extra precautions taken when executing code, to prevent accidental code or data leakage, indicate that it was very important for the actors behind this sophisticated attack to remain undetected, while hitting some very specific targets with surgical precision. Deep technical analysis shows that the arsenal of the attackers is very advanced and reflects a very high level of development within the group.
The search for similar malware has revealed software from three other vendors in Asia, all backdoored with very similar methods and techniques. Kaspersky Lab has reported the issue to Asus and other vendors.
“The selected vendors are extremely attractive targets for APT groups that might want to take advantage of their vast customer base,” said Vitaly Kamluk, Director of Global Research and Analysis Team, APAC, at Kaspersky Lab. “It is not yet very clear what the ultimate goal of the attackers was and we are still researching who was behind the attack. However, techniques used to achieve unauthorised code execution, as well as other discovered artefacts suggest that ShadowHammer is probably related to the BARIUM APT, which was previously linked to the ShadowPad and CCleaner incidents, among others. This new campaign is yet another example of how sophisticated and dangerous a smart supply chain attack can be nowadays.”
In order to avoid falling victim to a targeted attack by a known or unknown threat actor, Kaspersky Lab researchers recommend implementing the following measures:
- In addition to adopting must-have endpoint protection, implement a corporate grade security solution which detects advanced threats on the network level at an early stage, such as Kaspersky Anti Targeted Attack Platform;
- For endpoint level detection, investigation and timely remediation of incidents, we recommend implementing EDR solutions such as Kaspersky Endpoint Detection and Response or contacting a professional incident response team;
- Integrate Threat Intelligence feeds into your SIEM and other security controls in order to get access to the most relevant and up-to-date threat data and prepare for future attacks.
Kaspersky Lab will present full findings on Operation ShadowHammer at the Security Analyst Summit 2019 in Singapore, running from 9 to 11 April.
Cape Town not so calm – if you’re a driver
Cape Town drivers lose on average 162 hours a year to traffic jams, so will need some tech and a few tips to stay calm
Cape Town drivers lose, on average, 162 hours a year stuck in traffic jams, and the city is ranked 95th out of around 200 cities, across 38 countries surveyed globally, in terms of congestion issues.
That’s according to the latest INRIX 2018 Global Traffic Scorecard, which is an annual analysis of mobility and congestion trends. The study provides a data-rich evaluation of information collected during peak (slowest) travel times, and inter peak (fastest point between morning and afternoon commutes) travel times. Together they provide a holistic account of congestion throughout the day, delivering in-depth insights for vehicle drivers and policy-makers to make better decisions regarding urban travel and traffic health.
Of the further five South African cities surveyed:
- Pretoria drivers lose, on average, 143 hours a year stuck in traffic jams, ranking as the 64th most congested city
- Johannesburg drivers lose an average of 119 hours annually, ranking 61st
- Durban drivers lose 72 hours, ranking 141st
- Port Elizabeth drivers lose 71 hours, ranking 75th
- And Bloemfontein drivers lose 62 hours, ranking 165th
If these hours sound horrific, spare a thought for the poor drivers in Colombia’s capital city of Bogotá who lose, on average, a whopping 272 hours a year stuck in traffic jams!
On average, drivers’ commutes increase by roughly 30% during peak versus inter-peak hours. And the reality is that congestion issues aren’t going away anytime soon. Not here in SA, or anywhere else in the world. So what can we, as drivers, do to make the situation easier to cope with on our daily commute?
Change of mindset
Stressing about the unavoidable, the inevitable, and all the things that are out of our control – like congestion caused by accidents, faulty street lights, or bad weather – is a waste of energy. We should try finding ways of using that time in our cars more productively, to create a less tense, more positive experience. Learning to change our perspective about this challenging time, and associating it with something enjoyable, can drastically alter our reaction to and engagement with it. Rather than expending all our energy on futile anger and frustration, we can channel our focus on things that relax or energise us instead.
Just one more chapter
Being stuck in traffic usually aggravates us because it feels like a huge waste of valuable time. But like a wise man once said, time you enjoy wasting is not wasted time. Listening to a podcast or audiobook can not only be entertaining, but also educational, which is a brilliant use of your time. If you think of your car as a ‘learning lab’, a mobile university of sorts, and your time spent inside as a way to exercise your brain and grow intellectually, you may even find yourself wishing for bad traffic so you have an excuse to carry on listening to your podcast or audiobook.
Tame your inner Hulk
Pulling up a playlist of your favourite, feel-good songs can do wonders to combat stress levels. Downbeat music has been proven to have a mellowing effect on drivers. Making a quick switch to downbeat music shows measurable physiological improvements, with drivers calming down much sooner, and making fewer driving mistakes. So the next time you feel your inner Hulk emerging, crank up the volume on your favourite tunes.
The power of ‘caromatherapy’
There are numerous studies on aromas and their impact on human emotion, behaviour, and performance. Researchers have found that peppermint can enhance mental and athletic performance and cognitive functioning, while cinnamon may improve tasks related to attentional processes and visual-motor response speed. A study from Kyoto University in Japan revealed that participants reported significantly lower hostility and depression scores, and felt more relaxed after a walk through a pine forest. It makes sense then, to incorporate some ‘caromatherapy’ into our lives. There are plenty of off-the-shelf car diffusers available, or you could add a few drops of essential oil to DIY felt air fresheners. Citrus scents like orange or lemon can provide a boost of energy, while rosemary can relieve stress and anxiety. Take care not to hang anything that might obstruct your field of vision though, and always make sure to test out essential oils at home first, in case a scent makes you dizzy or overly relaxed, which could affect driving focus.
Contemplate your navel
The mind is a powerful thing, and simply willing yourself to relax might be the most effective method of all. While we don’t recommend meditating while driving due to safety reasons, breathing exercises can help you stay focused and feeling calm. One useful practice is the one-to-one technique – breathing in and out for the same count with the same intensity. Deep, measured breaths facilitate full oxygen exchange, helping to slow down the rate of your heartbeat and stabilise blood pressure, as opposed to shallow breathing, which doesn’t send enough air to the lowest part of your lungs, causing you to feel anxious and short of breath. Just always keep your eyes on the road, and take care to ensure you’re not so busy counting breaths that your concentration is compromised.
Not all those who wander are lost
Some of our best ideas come in those moments where we’re alone with our own thoughts, able to really reflect on the ideas we have without having something immediate that needs our attention. Allow your mind to wander, and do a little brainstorming. Alternatively, use the time to simply day dream. Remember, downtime is not dead time. It is both necessary, and important for your mental health. Use this time as an opportunity to take care of yourself.
In-built vehicle tech
“As we spend more and more time commuting, cars are being designed to accommodate longer periods behind the wheel,” says Kuda Takura, smart mobility specialist at Ford Motor Company of Southern Africa. “Ford uses human-centric design to deliver vehicles that are inviting, accommodating, and intuitive. For example, our SYNCT infotainment system offers nifty, hands-free functions, like allowing drivers to listen to their texts, change music or climate settings, and make phone calls easily with voice control. Our range of driver-assist technologies, like Adaptive Cruise Control, Pre-Collision Assist with Pedestrian Detection and Semi-Auto Active Park Assist, are also designed to take some of the stress off city driving. If our lifestyle means that we might be spending more time in our cars than we do on holiday, then we should make sure we make the most of that time.”
Vodacom exits Africa biz services
Vodacom Group has sold Vodacom Business Africa’s operations in Nigeria, Zambia and Cote d’Ivoire to Andile Ngcaba’s Synergy Communications. The two entities are in the process of concluding the acquisitions, which are subject to the approval of the regulatory authorities within these markets.
Vodacom says the transaction supports the Group’s enterprise strategy in Africa, which has been refocused to grow and strengthen its core business. It will no longer directly service global enterprise customers in these three markets but will rather continue to operate as a pan African telecommunications networks provider through local relationships, like the one with Synergy Communications.
This acquisition represents a significant milestone in Synergy Communication’s quest to be a leading provider of cloud and digitally based services in key markets across sub-Saharan Africa and provides key additional assets in its build out of a regional footprint. Synergy Communications currently has operations in Botswana, Malawi and Mozambique.
Andile Ngcaba, Chairman of Synergy Communications said: “This is an exciting landmark transaction for Synergy Communications, providing us with additional momentum in the delivery of our strategy as a pan-African enterprise digital Services Provider. Synergy Communications will partner with major global cloud providers and deliver platform-based services to both multi-nationals and local enterprises.”
Shameel Joosub, CEO of Vodacom Group, said: “Vodacom has a clear vision for strengthening our position as a leading pan-African business and will work with local service providers like Synergy Communications to grow in these markets. Crucially, Vodacom is not exiting any of the territories related to this transaction and remains focused on continuing to deliver exceptional service to our global and multinational clients in these markets through long-term commercial agreements.
“To support the sustainable growth of pan African digital economies and building connected societies, Vodacom will, via local service providers, continue to service clients in each market. We seek to leverage the collective strengths of Vodacom and Synergy Communications to meet the changing requirements of clients across each of these markets.”