Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers

Never mind specialized tools, there's still no replacement for keeping system backup images.

 

But where is the fun in that? The ability to block these advanced attacks even when they have already infiltrated the system, that's the fun part. Also, backups won't help when some banking trojan manages to plunder your bank account.

 

Indeed, the most common use, at least so far, seems to be data stealing, and that cannot be fixed by restoring a system image.

 

It's not hard to prevent data stealing.

Btw, my comment about backups is they are no substitute for any kind of issue that the end user can't easily fix, whether it be malware infestations, file corruptions, user-induced problems, hardware failures, etc...

 

Banking online is equivalent to getting drunk & walking down dark allies in East L.A. all the while flashing a wad of hundred dollar bills & flipping the bird to everyone along the way. Unless one is bed-bound, is it so hard to do one's banking in person, as we did before the internet came along?

 

Yes, but banking online seems ultra-convenient, to the exclusion of everything else. Offline trumps backups in this context. I don't bank online and never have/will. I use a dumb flip phone for that and it doubles as a device to call and talk to live people. Or walk the mile to my 2nd tier bank on a breezy spring day and stop at the green grocer on the way back. Life is good!

 

If you guys are afraid of banking online from a known wifi connection in your home, then you must not trust your bank, your computer or both.

 

Nope. Something with its automated banking menu or its ATMs is too-frequently on the fritz. The ASUS site is currently totally devoid of mention of this breach, and since a fix was issued for the updater software and antivirus people like Kaspersky right on it, ASUS simply seems to be gliding right over it. No mention, don't want to panic the masses. It doesn't seem that ASUS is inclined to make any apologies or blogs or explanations, unlike CCleaner. Which was the better approach consumer-wise, I wonder? Blab about it or keep mum?

 

When you go to the bank with checks to deposit, or you come out of the bank with a wad of cash, isn't there a risk of losing your checks or your cash? Or possibly being robbed?
I think the chance that I will drop a check on the way, or lose my wallet, is much higher than the chance of getting hacked on my home network on my well-protected desktop computer.

 

I never carry cash. I charge everything, pay in full monthly, & get a kick-back that goes into a college fund for my grandkids. Doesn't everyone? (^_^)

 

Okay, so your financial practices are obviously much more prudent than mine. But nevertheless, a careful user on a clean machine connected to a safe network is not exposing himself to risks that are significantly greater than those of traditional banking.
That's how I see it, anyways.

 

Exactly, have been banking online for 20 years now, never had a single problem. The key is the keep the system clean and it also depends on security measures taken by the bank. They must use some form of 2FA, preferably with hardware token, even if it's sometimes a bit annoying.

 

Operation ShadowHammer: a high-profile supply chain attack
April 23, 2019
https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/