Tag Archive for: supply

Supply chain attack spread Linux malware via free download manager site


Linux users have been targeted by a supply chain attack that exploited a download manager website to facilitate Bash stealer deployment from 2020 to 2022, The Hacker News reports.

Threat actors compromised the “freedownloadmanager[.]org” website in January 2020 to redirect to another domain with a malicious Debian package that eventually resulted in the delivery of the crond backdoor and the Bash information-stealing malware, which sought to exfiltrate cloud service credentials, system information, cryptocurrency wallet files, and saved passwords, according to a Kaspersky report.

Detection of the now-inactive campaign was hampered because the malicious Debian package was absent from some of the machines whose users had downloaded the software, so not every download left an artifact to find.

“While the campaign is currently inactive, this case of Free Download Manager demonstrates that it can be quite difficult to detect ongoing cyberattacks on Linux machines with the naked eye. Thus, it is essential that Linux machines, both desktop and server, are equipped with reliable and efficient security solutions,” said researchers.


Software Supply Chain Security: The Basics and Four Critical Best Practices


What is software supply chain security?

Modern enterprise software is typically composed of some custom code and an increasing amount of third-party components, both closed and open source. These third-party components themselves very often get some of their functionality from other third-party components. The totality of all of the vendors and repositories from which these components (and their dependencies) come makes up a large part of the software supply chain. But it’s not just code: the supply chain for a software product also includes all of the people, services, and infrastructure that make it run. Adding it all up, the software supply chain is an often large and complex web of sources of code, hardware, and humans that come together to make, support, and deliver a larger software product.

Using third-party and open source software saves your organization time and money and frees up your developers to create novel software instead of reinventing the wheel, but it comes with a cost. These components are created and maintained by individuals who are not employed by your organization, and these individuals may not have the same security policies, practices, and quality standards as you. This poses an inherent security risk, because differences and inconsistencies between policies can create overlooked areas of vulnerability that attackers may seek to exploit.

Attackers can compromise the security of the software supply chain in a number of ways including:

  • Exploiting bugs or vulnerabilities in third-party components
  • Compromising the development environment of a third party and injecting malware
  • Creating fake components that are malicious

Software supply chain security seeks to detect, prevent, and mitigate these threats and any others that stem from an organization’s third-party components. In this blog post, one of a series of guides about continuous integration and delivery (CI/CD), we look at software supply chain attacks, and how best to thwart them.

What is a software supply chain attack?

According to the U.S. National Institute of Standards and Technology (NIST), a software supply chain attack occurs when a threat actor “infiltrates a software vendor’s…


The Future Of Software Supply Chain Security? It’s Already Here


Cofounder and CEO of ReversingLabs, which helps cybersecurity teams gain insights into malware-infected files and objects.

“The future is already here,” the science fiction writer William Gibson famously observed. “It’s just not evenly distributed.”

That quote came to mind recently as I considered the recent software supply chain hack of the Voice over Internet Protocol (VoIP) provider 3CX and calls for greater oversight of software security and the security of software supply chains in the wake of that incident.

Those calls have come from the very top of the U.S. government. For example, Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency (CISA) and her co-author, Eric Goldstein, wrote in Foreign Affairs that “Americans need a new model” for securing technology, “one they can trust to ensure the safety and integrity of the technology that they use every hour of every day.”

The two argue for a new regulatory model that emphasizes safety and security, similar to the way federal and state regulations, such as laws mandating the inclusion and use of seatbelts, airbags and other safety features, have greatly reduced the number of fatal accidents in the past half-century.

Of course, technology industry groups like TechNet are wary of stricter government regulation of product design and argue that stricter government regulation of cybersecurity will stifle innovation.

It’s true: Securing a software application or supply chain is not the same thing as keeping a river clear of pollutants. But it is also true that software supply chains are deeply intertwined with the supply chains that keep the lights on, keep water flowing and clean and put food on supermarket shelves.

Decades of digital transformation have seen digital systems replace mechanical ones, with little ability to gracefully fall back to human-managed, analog controls. The result is that cyberattacks now have the capacity for widespread social disruption, as evidenced by the hack of Colonial Pipeline.


Calls for greater oversight of software security and software supply chains mark a profound shift for a federal…


N.K. Hackers Employ Matryoshka Doll-Style Cascading Supply Chain Attack on 3CX



The supply chain attack targeting 3CX was the result of a prior supply chain compromise associated with a different company, demonstrating a new level of sophistication with North Korean threat actors.

Google-owned Mandiant, which is tracking the attack event under the moniker UNC4736, said the incident marks the first time it has seen a “software supply chain attack lead to another software supply chain attack.”

The Matryoshka doll-style cascading attack against 3CX first came to light on March 29, 2023, when it emerged that Windows and macOS versions of its communication software had been trojanized to deliver a C/C++-based data miner named ICONIC Stealer by means of a downloader, SUDDENICON, which used icon files hosted on GitHub to extract the address of the server hosting the stealer.

“The malicious application next attempts to steal sensitive information from the victim user’s web browser,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in an analysis of the malware. “Specifically it will target the Chrome, Edge, Brave, or Firefox browsers.”

Select attacks targeting cryptocurrency companies also entailed the deployment of a next-stage backdoor referred to as Gopuram that’s capable of running additional commands and interacting with the victim’s file system.

Mandiant’s investigation into the sequence of events has now revealed patient zero to be a malicious version of a now-discontinued software product from a fintech company called Trading Technologies, which a 3CX employee downloaded to their personal computer.

It described the initial intrusion vector as “a malware-laced software package distributed via an earlier software supply chain compromise that began with a tampered installer for X_TRADER.”

This rogue installer, in turn, contained a setup binary that dropped two trojanized DLLs and an innocuous executable; the executable was used to side-load one of the DLLs, which was camouflaged as a legitimate dependency.

The attack chain then made use of open source tools like SIGFLIP and DAVESHELL to ultimately extract and execute VEILEDSIGNAL, a multi-stage modular backdoor written in C that’s capable of sending data, executing shellcode, and terminating…
