Kaspersky Lab has uncovered a new advanced persistent threat (APT) campaign that has affected a large number of users through what is known as a supply chain attack. Its research found that threat actors behind Operation ShadowHammer have targeted users of the ASUS Live Update Utility, by injecting a backdoor into it at least between June and November 2018. Kaspersky Lab experts estimate that the attack may have affected more than a million users worldwide.
A supply chain attack is one of the most dangerous and effective infection vectors, increasinglyexploited in advanced operations over the last few years – as we have seen with ShadowPad or CCleaner. It targets specific weaknesses in the interconnected systems of human, organisational, material, and intellectual resources involved in the product life cycle: from initial development stage through to the end user. While a vendor’s infrastructure can be secure, there could be vulnerabilities in its providers’ facilities that would sabotage the supply chain, leading to a devastating and unexpected data breach.
The actors behind ShadowHammer targeted the ASUS Live Update Utility as the initial source of infection. This is a pre-installed utility in most new ASUS computers, for automatic BIOS, UEFI, drivers and applications updates. Using stolen digital certificates used by ASUS to sign legitimate binaries, the attackers have tampered older versions of ASUS software, injecting their own malicious code. Trojanized versions of the utility were signed with legitimate certificates and were hosted on and distributed from official ASUS update servers – which made them mostly invisible to the vast majority of protection solutions.
While this means that potentially every user of the affected software could have become a victim, actors behind ShadowHammer were focused on gaining access to several hundreds of users, which they had prior knowledge about. As Kaspersky Lab’s researchers discovered, each backdoor code contained a table of hardcoded MAC addresses – the unique identifier of network adapters used to connect a computer to a network.
Once running on a victim’s device, the backdoor verified its MAC address against this table. If the MAC address matched one of the entries, the malware downloaded the next stage of malicious code. Otherwise, the infiltrated updater did not show any network activity, which is why it remained undiscovered for such a long time. In total, security experts were able to identify more than 600 MAC addresses. These were targeted by over 230 unique backdoored samples with different shellcodes.
The modular approach and extra precautions taken when executing code, to prevent accidental code or data leakage indicates that it was very important for the actors behind this sophisticated attack to remain undetected, while hitting some very specific targets with surgical precision. Deep technical analysis shows that the arsenal of the attackers is very advanced and reflects a very high level of development within the group.
The search for similar malware has revealed software from three other vendors in Asia, all backdoored with very similar methods and techniques. Kaspersky Lab has reported the issue to Asus and other vendors.
“The selected vendors are extremely attractive targets for APT groups that might want to take advantage of their vast customer base,” said Vitaly Kamluk, Director of Global Research and Analysis Team, APAC, at Kaspersky Lab. “It is not yet very clear what the ultimate goal of the attackers was and we are still researching who was behind the attack. However, techniques used to achieve unauthorised code execution, as well as other discovered artefacts suggest that ShadowHammer is probably related to the BARIUM APT, which was previously linked to the ShadowPad and CCleaner incidents, among others. This new campaign is yet another example of how sophisticated and dangerous a smart supply chain attack can be nowadays.”
In order to avoid falling victim to a targeted attack by a known or unknown threat actor, Kaspersky Lab researchers recommend implementing the following measures:
- In addition to adopting must-have endpoint protection, implement a corporate grade security solution which detects advanced threats on the network level at an early stage, such as Kaspersky Anti Targeted Attack Platform;
- For endpoint level detection, investigation and timely remediation of incidents, we recommend implementing EDR solutions such as Kaspersky Endpoint Detection and Response or contacting a professional incident response team;
- Integrate Threat Intelligence feeds into your SIEM and other security controls in order to get access to the most relevant and up-to-date threat data and prepare for future attacks.
Kaspersky Lab will present full findings on Operation ShadowHammer at the Security Analyst Summit 2019 in Singapore, running from 9 to 11 April.
Click here to read Asus’ response.
IoT sensors are anything from doctor to canary in mines
Industrial IoT is changing the shape of the mining industry and the intelligence of the devices that drive it
The Internet of Things (IoT) has become many things in the mining industry. A canary that uses sensors to monitor underground air quality, a medic that monitors healthcare, a security guard that’s constantly on guard, and underground mobile vehicle control. It has evolved from the simple connectivity of essential sensors to devices into an ecosystem of indispensable tools and solutions that redefine how mining manages people, productivity and compliance. According to Karien Bornheim, CEO of Footprint Africa Business Solutions (FABS), IoT offers an integrated business solution that can deliver long-term, strategic benefits to the mining industry.
“To fully harness the business potential of IoT, the mining sector has to understand precisely how it can add value,” she adds. “IoT needs to be implemented across the entire value chain in order to deliver fully optimised, relevant and turnkey operational solutions. It doesn’t matter how large the project is, or how complex, what matters is that it is done in line with business strategy and with a clear focus.”
Over the past few years, mining organisations have deployed emerging technologies to help bolster flagging profits, manage increasingly weighty compliance requirements, and reduce overheads. These technologies are finding a foothold in an industry that faces far more complexities around employee wellbeing and safety than many others, and that juggles numerous moving parts to achieve output and performance on a par with competitive standards. Already, these technologies have allowed mines to fundamentally change worker safety protocols and improve working conditions. They have also provided mining companies with the ability to embed solutions into legacy platforms, allowing for sensors and IoT to pull them into a connected net that delivers results.
“The key to achieving results with any IoT or technology project is to partner with service providers, not just shove solutions into identified gaps,” says Bornheim. “You need to start in the conceptual stage and move through the pre-feasibility and bankable feasibility stages before you start the implementation. Work with trained and qualified chemical, metallurgical, mechanical, electrical, instrumentation and structural engineers that form a team led by a qualified engineering lead with experience in project management. This is the only way to ensure that every aspect of the project is aligned with the industry and its highly demanding specifications.”
Mining not only has complexities in compliance and health and safety, but the market has become saturated, difficult and mercurial. For organisations to thrive, they must find new revenue streams and innovate the ways in which they do business. This is where the data delivered by IoT sensors and devices can really transform the bottom line. If translated, analysed and used correctly, the data can provide insights that allow for the executive to make informed decisions about sites, investment and potential.
“The cross-pollination of different data sets from across different sites can help shift dynamics in plant operation and maintenance, in the execution of specific tasks, and so much more,” says Bornheim. “In addition, with sensors and connected devices and systems, mining operations can be managed intelligently to ensure the best results from equipment and people.”
The connection of the physical world to the digital is not new. Many of the applications currently being used or presented to the mining industry are not new either. What’s new is how these solutions are being implemented and the ways in which they are defined. It’s more than sticking on sensors. It’s using these sensors to streamline business across buildings, roads, vehicles, equipment, and sites. These sensors and the ways in which they are used or where they are installed can be customised to suit specific business requirements.
“With qualified electronic engineers and software experts, you can design a vast array of solutions to meet the real needs of your business,” says Bornheim. “Our engineers can programme, create, migrate and integrate embedded IoT solutions for microcontrollers, sensors, and processors. They can also develop intuitive dashboards and human-machine interfaces for IoT and machine-to-machine (M2M) devices to manage the input and output of a wide range of functionalities.”
The benefits of IoT lie in its ubiquity. It can be used in tandem with artificial intelligence or machine learning systems to enhance analytics, improve the automation of basic processes and monitor systems and equipment for faults. It can be used alongside M2M applications to enhance the results and the outcomes of the systems and their roles. And it can be used to improve collaboration and communication between man, machine and mine.
“You can use IoT platforms to visualise mission-critical data for device monitoring, remote control, alerts, security management, health and safety and healthcare,” concludes Bornheim. “The sky is genuinely the limit, especially now that the cost of sensors has come down and the intelligence of solutions and applications has gone up. From real-time insights to hands-on security and safety alerts to data that changes business direction and focus, IoT brings a myriad of benefits to the table.”
Oracle leads in clash of
Three e-commerce platforms have been awarded “gold medals” for leading the way in customer experience. SoftwareReviews, a division of Info-Tech Research Group, named Oracle Commerce Cloud the leader in its 2020 eCommerce Data Quadrant Awards, followed by Shopify Plus and IBM Digital Commerce. The awards are based on user reviews.
The three vendors received the following citations:
- Oracle Commerce Cloud ranked highest among software users, earning the number-one spot in many of the product feature section areas, shining brightest in reporting and analytics, predictive recommendations, order management, and integrated search.
- Shopify Plus performed consistently well according to users, taking the number-one spot for catalogue management, shopping cart management and ease of customisation.
- IBM Digital Commerce did exceptionally well in business value created, quality of features, and vendor support.
The SoftwareReviews Data Quadrant differentiates itself with insightful survey questions, backed by 22 years of research in IT. The study involves gathering intelligence on user satisfaction with both product features and experience with the vendor. When distilled, the customer’s experience is shaped by both the software interface and relationship with the vendor. Evaluating enterprise software along these two dimensions provides a comprehensive understanding of the product in its entirety and helps identify vendors that can deliver on both for the complete software experience.
“Our recent Data Quadrant in e-commerce solutions provides a compelling snapshot of the most popular enterprise-ready players, and can help you make an informed, data-driven selection of an e-commerce platform that will exceed your expectations,” says Ben Dickie, research director at Info-Tech Research Group.
“Having a dedicated e-commerce platform is where the rubber hits the road in transacting with your customers through digital channels. These platforms provide an indispensable array of features, from product catalog and cart management to payment processing to detailed transaction analytics.”