Reports indicate that hackers have devised a new way of spreading malware through the software supply chain. According to the reports, the hackers compromise trusted software vendors and replace their products with malicious versions. They then use the tainted software to infect the computers of the vendors' customers. Because customers download software updates without a second thought, since doing so is considered good digital hygiene, the attackers bypass internal security controls and the malware spreads far and wide.
In one instance of this hacking technique, the popular computer cleaning software CCleaner was sabotaged. CCleaner is distributed by the Czech antivirus firm Avast. An unknown hacking group inserted a backdoor into CCleaner, which was then installed on more than 700,000 computers. Having gained that foothold, the hackers tried to compromise networks belonging to big tech firms such as Cisco, HTC and Samsung. It is believed the hackers were seeking trade secrets.
In another incident earlier in the year, hackers compromised accounting software known as MeDoc, developed by a firm based in Ukraine. Through MeDoc's update mechanism, the hackers deployed ransomware called NotPetya. The attack crippled operations at leading companies, including a pharmaceutical company based in the United States and Maersk, the Danish shipping giant.
Over the summer, the Russian cybersecurity firm Kaspersky Labs came across a backdoor that had been inserted into a piece of U.S. server management software used by NetSarang, a tech firm based in South Korea. The attack led to the computers of hundreds of financial institutions and other companies being infected.
This new method of using the supply chain to exploit loopholes and launch attacks undermines a commonly accepted principle of computer security: that the best way to stay safe is to patch systems early and regularly. It also undermines the trust computer users place in the software ecosystem.
According to researchers from Cisco, products from established vendors do not receive the same level of scrutiny as products from untrusted sources. In a report, the Cisco researchers warned that exploitation of the software supply chain by hackers will only grow in complexity and velocity.