Centripetal Comments in Dark Reading

April 2, 2019

By Lauren Farrell

Centripetal Comments in Dark Reading Article "ShadowHammer Dangers Include Update Avoidance"

More fallout from the compromise of Asus's automated software update. Experts Commented below:

Colin Little, Senior Threat Analyst at Centripetal:

The ShadowHammer attackers used a trusted supplier — which itself was using trusted certificates for authentication — to target a relatively small number of end users. But the impact of the attack may be felt far beyond the targeted systems as customers around the world lose confidence in the software, firmware, updates, and patches provided by Asus. "We plainly see the need for validation of trusted-vendor channels in addition to digital signatures — which, in this case, appears to have further concealed the malicious activity by providing a false sense of integrity — not just for software and platform updates, but any 'trusted' vendor network which has access into our environment," says Colin Little, senior threat analyst at Centripetal.

Know what’s coming. 
Stop what’s next.

Sign up for expert threat intel and see how Centripetal is redefining cyber defense—before the threat hits your firewall.

Centripetal is committed to protecting and respecting your privacy, by submitting this form, you are providing Centripetal with your personal data. For more information on how we use your personal data and the choices you have, please review Centripetal's Privacy Policy. 

The Cybercrime Barrier Your Organization Deserves

Sign up for a custom demonstration from our security team of how we bring together the best minds and most complete collection of threat intelligence to provide you with a shocking level of relief. 

Get A Demo