Are you ready for hackers’ incoming supply-chain attacks?
A recent report released by 401TRG (the Threat Research & Analysis Team at ProtectWise) reveals that Chinese hackers, who have abundant experience on APTs, are now getting prepared for software supply-chain attacks. Are your ready?
What is software supply-chain attack?
Hackers usually insert a backdoor to a legitimate widely-used software. When a company purchased this software, even though its system is secure, the backdoor may cause leakage of vital information. Considering that 56% of companies experienced a breach because of supply chain (aka third party) in 2017, companies need to be careful about supply-chain attacks. Some major software supply-chain attacks in 2017 are listed below.
- An open-source video conversion tool for MacOS, called Handbrake, hacked. Hackers created a backdoor through Handbrake to disseminate a remote access toolkit, Proton.
- A popular Ukrainian software updating its products helped spreading a ransomware called XData in May 2017. In June, another ransomware called NotPetya used the same method.
- In August, NetSarang products were abusively used by attackers to deliver a malicious code to their customers through a backdoor inserted by hackers. This attack, called ShadowPad, exploited a date-based Domain Generating Algorithm (DGA).
- In September, another date-based DGA-using attack performed with a backdoor inserted in CCleaner, an ad-removal tool.
How hackers plan to perform supply-chain attacks?
According to 401TRG report, Chinese hackers target code signing certificates, which is crucial for a supply-chain attack to poisson official software with a malware to create a backdoor. Once poisoned, the companies that use these official-but-hacked software will be under the risk of a breach.
Chinese hackers targeting software and gaming corporations in US, South Korea, and China (corporations which may possess code signing certificates) also suggests the preparation of such supply-chain attacks.
What can be done for defense?
Unfortunately, there are no straight-forward answer for this questions. Intuitively, companies first determine all the software (licensed or open source) they use in their company. Preparing such list is very important. Considering these software as a possible attack vector is the first step forward. Internally the company can perform endpoint anomaly-based detection is essential for event assessment to mitigate or even eliminate the risk.
However, something can also be done before the attack. Platforms that assess supply chains cyber risk can provide you intel about such risks. Even before purchasing or licensing a software, the cyber risk that it pose can be learned and act accordingly.
With Black Kite Cyber Risk Scorecard, a company can create an ecosystem for such software and perform a passive non-intrusive scan to understand the cyber risk of supply chain. Act now and learn your and your supply chain cyber risk here.