Beware of “supply chain attacks”! Criminals shamelessly exploit users' trust in well-known software manufacturers to slip malware onto their computers.

As our cooperation partner Watchlist Internet explains, most people trust well-known software manufacturers when they release an update for an app, a program or another product, or bring a new product onto the market. But it is precisely this trust that criminals exploit in so-called “supply chain attacks”.

Malware is distributed to large numbers of users via software that appears trustworthy. Such attacks primarily target companies, but private users can be affected as well.

Imagine you have ordered a cake from a pastry shop. The cake is ready, you go to the shop and are satisfied because the cake is exactly the same as always. The confectioner offers you an “update” with cherries. You agree and can pick up the “updated” cake tomorrow. But before the confectioner can place the cherries on the cake, fraudsters sneak into the shop and infect the cherries with a worm.

The pastry chef doesn't notice, uses the infected cherries to remake your cake and sells this cake to you. You don't notice the worm either, except that the cake gives you a stomach ache. This is roughly how a “supply chain attack” can be described.

With this relatively new type of threat, companies are not attacked directly, but through their supply chains. Criminals infect well-known and reputable applications with malware. These attacks are particularly dangerous because a program that has been used and trusted for years can suddenly become harmful, and the usual warning signs (an unknown sender, an unfamiliar download site) are absent.

Where can malware hide?

Criminals can break into an application and add their malicious code at several points in the supply chain:

  • In the development environment or update infrastructure of the software company itself. The malware is hidden there, and when a new release or a security update is built, it is distributed through the official channels.
  • Applications are infected with malware before they are signed, so the infected build is then distributed as an official release. Stolen code-signing certificates can also be used to sign infected files and pass them off as genuine.
  • If the software company uses third-party components, the malicious code can be injected into those components instead. From there it spreads to every program that is built on them.
  • Malware is pre-installed on physical devices (e.g. smartphones, tablets, USB sticks, cameras) before they are delivered.

How do criminals gain access to the network?

Before the software can be infected at all, the criminals need access to the software company's network. Attack attempts usually start with so-called spear phishing: targeted emails that attempt to obtain confidential data. Social engineering is also popular. Here the attackers try to manipulate people's behavior so that, for example, they reveal confidential information or perform an action on the attacker's behalf.


Both the phishing emails and the social engineering are aimed at employees of the targeted company, ideally ones with high network privileges. Once the criminals have obtained an initial foothold, they try to work their way further into the company network. During this process they exploit vulnerabilities in the network to obtain further login credentials, until they finally reach the critical systems, such as build servers and update infrastructure, where they can add their malware.

1.7 million computers affected by infected CCleaner version

One of the most well-known supply chain attacks was the one on the CCleaner software. CCleaner is used to clean up and optimize the Windows operating system and is extremely popular not only with companies, but also with private users. Criminals were able to break into the development environment and add their malicious code there.

CCleaner is an example that shows how complex attacks on supply chains can be. In August 2017, the infected version of CCleaner was released. The malicious code went undetected not only until publication, but also for about a month afterwards, during which the malicious program was available for download from the official source. CCleaner maker Piriform estimated that 1.7 million computers were infected.

But not everyone who installed it was hit by the actual malware. The first stage of the malicious code only collected data from the infected devices in order to find out whether they were of any interest to the criminals. Only selected machines then received a second stage, mainly at telecommunications and technology companies, especially in Japan, Taiwan, Germany and the USA (e.g. Sony, Samsung, Asus or Fujitsu).

How do I protect myself from supply chain attacks?

Supply chain attacks are usually very complex and difficult to detect. First and foremost, the software companies themselves are called upon to take action against such attacks. They must examine their code more closely before making a program or an update available to the public, and they must protect the build and update systems that produce releases. It must also be ensured that all applications carry a digital signature and are only distributed via secure and encrypted channels. Note the limit of that last measure: a signature only proves that the file was signed with the manufacturer's key, not that the build is clean. The infected CCleaner version was signed with Piriform's valid certificate, so a signature check alone would not have caught it.
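The two checks a user or administrator can make on their own side before running an installer, as an added example that is not part of the original article or of any vendor's tooling: the file must have been fetched over an encrypted channel, and its SHA-256 must match a value pinned in advance, compared in constant time. The URLs, the sample "installer" bytes and the pinned digest are all constructed for the example; they are not real downloads or real hashes.

```python
"""Pre-install checks for a downloaded installer (added example, not from the article).

Two client-side checks: the download must come over https, and the file's
SHA-256 must equal a digest pinned beforehand. This catches a file swapped
on a mirror or in transit. It does NOT catch the CCleaner scenario, where
the build itself was infected and the vendor's own published hash and
signature matched the infected file.
"""
import hashlib
import hmac
from urllib.parse import urlparse


class DownloadRejected(Exception):
    """Raised when an installer fails one of the pre-install checks."""


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the file contents."""
    return hashlib.sha256(data).hexdigest()


def check_download(url: str, data: bytes, expected_sha256: str) -> str:
    """Return the verified digest, or raise DownloadRejected.

    1. Refuse anything not fetched over https, so a network attacker
       could not have replaced the file in transit.
    2. Compare the actual SHA-256 with the pinned value in constant time
       (hmac.compare_digest) so the comparison itself leaks nothing.
    """
    scheme = urlparse(url).scheme.lower()
    if scheme != "https":
        raise DownloadRejected(f"refusing {url}: not fetched over https")
    actual = sha256_hex(data)
    if not hmac.compare_digest(actual, expected_sha256.lower()):
        raise DownloadRejected(
            f"hash mismatch: expected {expected_sha256}, got {actual}")
    return actual


# Constructed sample artifacts (stand-ins for an installer, not real binaries).
GOOD_BUILD = b"installer-v5.33 clean payload"
# The same file with two bytes appended, as if altered after the hash was pinned.
TAMPERED_BUILD = GOOD_BUILD + b"\x90\x90"
# The digest the user pinned earlier, e.g. copied from the vendor's page
# over a separate, trusted connection.
PINNED_SHA256 = sha256_hex(GOOD_BUILD)

# Hypothetical download locations; .test is a reserved, non-resolving TLD.
OFFICIAL_URL = "https://downloads.example.test/installer.exe"
MIRROR_URL = "http://mirror.example.test/installer.exe"


def run_checks() -> dict:
    """Run the three scenarios and report each verdict."""
    scenarios = [
        ("clean_https", OFFICIAL_URL, GOOD_BUILD),
        ("tampered_https", OFFICIAL_URL, TAMPERED_BUILD),
        ("clean_http", MIRROR_URL, GOOD_BUILD),
    ]
    results = {}
    for name, url, data in scenarios:
        try:
            check_download(url, data, PINNED_SHA256)
            results[name] = "accepted"
        except DownloadRejected as exc:
            results[name] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, verdict in run_checks().items():
        print(f"{name}: {verdict}")
```

The pinned digest must come from somewhere other than the download itself (a vendor page fetched separately, an earlier known-good copy, or an internal allow-list), otherwise the check only confirms that the file matches itself. For the case the article describes, where the build environment is compromised, the user-side check cannot help; that is why the article puts the primary responsibility on the manufacturer.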

Nevertheless, companies and private users can also reduce the risk of a supply chain attack. Above all, this means creating awareness. Companies should continually strengthen the security skills of their employees. Private users, too, need a certain level of security knowledge in order to recognize the various dangers.

Awareness can, for example, stop people from using services or programs that are known to be misused for distributing malware. It also makes it easier to notice when a familiar program or service suddenly behaves unusually, for instance by making unexpected network connections after an update. You can find out how to protect yourself from malware in general in the article How to effectively protect yourself from malware.


Source: Watchlist Internet
Article image: Shutterstock / By igorstevanovic

Notes:
1) This content reflects the state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic.
2) Individual contributions were created with the use of machine assistance and were carefully checked by the Mimikama editorial team before publication.