Kaspersky Labs recently discovered that an ASUS server was hacked and used to deliver malware to hundreds of thousands of users, in the guise of verified automatic updates. The malware, dubbed ShadowHammer, was pushed to ASUS customers for around five months in 2018, but was not discovered until January of this year. ASUS has released an update for all users, but Kaspersky has warned that the same technique was also attempted with three other PC manufacturers. A diagnostic tool is available for users to check if they are affected and a full list has been released by an Australian cyber security firm for further research purposes.
Precision as an art form
Leveraging automatic updates is nothing new – but what’s interesting about this attack is how targeted it was. Although a malicious backdoor was installed on every infected machine (around half a million), only 600 or so - with specifically pre-selected MAC addresses - were subject to the second stage of the attack. Will this type of precision targeting become the norm?
A recent example of targeted malware includes LockerGoga, which was used to attack Norsk Hydro, amongst others, costing the organisation an estimated $40 million. This highly sophisticated ransomware relies on pre-existing knowledge of users’ credentials, which is then exploited to lock them out of the system and encrypt files. But targeted attacks can be more old school in nature and still be effective, with the SamSam ransomware making hackers an estimated $7 million over three years. SamSam attacks were based on individual hackers targeting one organisation at a time, spending several days preparing the system and activating the ransomware manually, once enough of the network was compromised.
But when it comes to precision attacks, the 2010 Stuxnet worm raised the bar which has never really been equaled. Developed as a cyberweapon, it specifically targeted Iranian nuclear development by seeking out a component used in industrial controls and manipulating it to physically interfere with uranium production. Stuxnet even had a self-destruct mechanism, as one of many innovative steps to avoid detection. While this is still exceptionally sophisticated, new technologies could make threats on this level a day to day reality.
What horrors lie ahead?
As technology continues to evolve, so do the available attack vectors – and artificial intelligence could be a key driver in creating yet more targeted approaches. Last August, IBM unveiled a proof of concept, AI-based malware called DeepLocker. Demonstrated at the BlackHat USA conference, the malware used AI locksmithing to hide in a video conferencing app - which used facial recognition to trigger the payload when the intended target joined the call. It’s early days for applying AI to malware, but it could be a serious threat as this type of technology matures – and one that the cyber industry should be prepared for.