Tag Archive for: chain

3CX CEO suggests state-sponsored hackers behind supply chain malware attack


Business communications firm 3CX confirmed the downloader for its voice over IP (VoIP) desktop software has been tampered with and now installs a version that sideloads malware onto a victim’s computer.

The issue, dubbed ‘SmoothOperator’, is believed to be a supply chain malware attack carried out by a suspected state-sponsored threat actor, with attacks starting last week, according to user reports.

3CX revealed in a blog post on Thursday that it noticed a “security issue” in its Electron Windows App with Update 7, version numbers 18.12.407 & 18.12.416.

It added that antivirus vendors may have flagged the legitimate 3CXDesktopApp.exe and uninstalled it.

3CX said it was still researching the issue, but believes it originated in one of the bundled libraries it compiled into the Windows Electron App via Git. The domains contacted by the compromised library have already been reported, with most shut off overnight, said CISO Pierre Jourdan.

“A GitHub repository which listed them has also been shut down, effectively rendering it harmless,” he said.

“Worth mentioning – this appears to have been a targeted attack from an Advanced Persistent Threat, perhaps even state-sponsored, that ran a complex supply chain attack and picked who would be downloading the next stages of their malware,” said Jourdan. “The vast majority of systems, although they had the files dormant, were in fact never infected.”

The company is currently working on a new Windows App that isn’t affected by the issue, and will also issue a new certificate for the app. Jourdan said this will take at least 24 hours.

He also encouraged customers to use its PWA app, which is completely web-based. “The advantage is that it does not require any installation or updating and chrome web security is applied automatically,” he said.

3CX CEO Nick Galea said in a company forum post that the issue was reported to the organisation on the evening of 29 March.

He recommended uninstalling the app and installing it again, and added that if customers are running Windows Defender it will uninstall it automatically. Galea said the company is going to analyse the issue and release a report later on Thursday, but is now only…


Canadian Bookstore Chain Indigo Says Employee Data Stolen in Ransomware Attack


Canadian bookstore chain Indigo this week confirmed that the personal information of both current and former employees was stolen in a ransomware attack last month.

The hack, Indigo says, took place on February 8 and resulted in the company taking down affected systems to contain the incident. The company was able to restore online payments and exchanges and returns two weeks ago.

The investigation into the incident has revealed that some employee data was compromised during the attack, but Indigo says it has no evidence that customer data was accessed. No credit and debit card information was impacted, the company says in an updated notice on its website.

Should the investigation reveal that any customer data has been compromised, Indigo promises to contact the impacted individuals immediately.

The ransomware deployed during the attack, Indigo says, was LockBit, which is known to be used by cybercriminals either located in Russia or with ties to Russian organized crime.

The company says it has already started notifying impacted individuals of the incident, but did not say how many were affected. Indigo currently operates more than 160 stores across Canada and has over 8,000 employees.

Indigo also says that it has been working with Canadian authorities and the FBI to investigate the attack and that it does not plan to give in to the attackers’ ransom demands.

The hackers, however, have threatened to publish the stolen data on the dark web starting this week, unless a ransom is paid.

“The privacy commissioners do not believe that paying a ransom protects those whose data has been stolen, as there is no way to guarantee the deletion/protection of the data once the ransom is paid. Both US and Canadian law enforcement discourage organizations from paying a ransom,” the company notes.



Supply chain disruption driving 3D printing tech


The need to shorten supply chains in the face of ongoing global uncertainty and disruption is a pressing issue for many organisations, especially for multinational manufacturing companies that have come to rely on cheap labour in South East Asia.

China, in particular, continues to be hobbled by an economic downturn, power shortages and ongoing lockdowns resulting from its zero-tolerance approach to COVID-19. China’s days as the world’s manufacturing engine room seem to be numbered, as businesses seek to relocate manufacturing to other nations in Asia, such as Vietnam, or nearshore or reshore it closer to home.

There are, however, other means of shortening supply chains – one of which is 3D printing, also known as additive manufacturing (AM). 

AM technology started out as a way to produce prototypes with no machine tooling, but, over the past decade, it has evolved rapidly. An early drawback was that the process worked only with plastics; now, though, substances that can be printed include powders, resins, metals, carbon and even human flesh. 

In a report exploring the status of 3D printing, called The Mainstreaming of Additive Manufacturing, co-author Jörg Bromberger, Director of Strategy & Operations, points out that AM technology can generate any 3D component that will perform better and cost less than conventional manufacturing methods.

3D printing allows for mass-scale customisation

He also highlights that there’s no need for moulds or fixed tooling, and that AM allows for mass-scale customisation. Such simplicity of fabrication, he continues, reduces time-to-market and the need for spare-parts inventories, enabling the on-demand production of items from digital files in the field. Bromberger cites the example of carmaker Mercedes-Benz, which uses AM to produce spare parts for its classic vehicles.

The tech has huge potential to help businesses reimagine manufacturing-based supply chains, and Bromberger feels that the technology is approaching the point where it is becoming disruptive: “When can a technology that has long been touted as a disruptive game changer for supply chains be said to have truly come of age?”

His answer? When it’s a…


10 software supply chain attacks you can learn from



Supply chain attacks are surging — and no one is immune. That has CISOs and boards worried. Learn from these notable 2022 software supply chain attacks. 

Since the devastating compromise of the SolarWinds Orion platform in 2020, malicious actors have steadily stepped up their software supply chain attacks. One 2022 survey found that supply chain attacks are affecting 62% of organizations.

And many organizations say they are not prepared to deal with the challenges of protecting their software supply chain. A recent survey of 1,000 CIOs found that 82% of organizations are vulnerable to software supply chain attacks. 

The State of Software Supply Chain Security 2022-23 explores top trends, best practices and more. One thing is clear: Supply chain attacks are surging — and no one is immune. That has made them the center of conversations about cyber risk and cybersecurity with CISOs and boards. 

Here are 10 software supply chain attacks from 2022 that your team can learn from.

npm

A typosquatting campaign aimed at a popular JavaScript node packager used by some 11 million developers worldwide was discovered in July by researchers at ReversingLabs. The campaign, known as IconBurst, used dozens of malicious npm modules containing obfuscated JavaScript code to compromise hundreds of downstream desktop apps and websites, ReversingLabs’ Karlo Zanki wrote in his threat research blog post.

“Upon closer inspection, we discovered evidence of a coordinated supply chain attack, with a large number of npm packages containing jQuery scripts designed to steal form data from deployed applications that include them.”
Karlo Zanki

Zanki explained that the pernicious actor gave the malicious modules names similar to high-traffic modules, or names containing common misspellings of those modules, hoping careless developers would use the doctored versions of modules like umbrellajs and packages produced by Ionic.io. Since the users of the software, and not the developers, were the ultimate target of the scheme, the attack is similar to the infamous SolarWinds compromise, he added.

Comparitech estimates that 35,754 customers were affected by the attack.

Python Package Index (PyPI)

The…
