Computer Security Approaches to Reduce Cyber Risks in the Nuclear Supply Chain


Description

Computer security in the nuclear supply chain is an important element of risk management. Nuclear facilities and operations rely upon complex networks of suppliers, vendors, and integrators to provide digital technology, services, and support. These relationships form a supply chain attack surface that may be exploited to compromise nuclear facilities, operations, and secure environments. Compromise of the supply chain may provide a means to circumvent the computer security measures that protect these critical systems, so a defence-in-depth approach involving people, processes, and technology is needed.
The purpose of this publication is to assist Member States in raising awareness of cyber risks in the nuclear supply chain and help to identify critical issues and mitigation techniques. The aim is to reduce the supply chain attack surface by providing information, good practices, and mitigation techniques through all phases of the supply chain including design, hardware and software development, testing, transportation, installation, operation, maintenance and decommissioning of nuclear computer-based systems.


IHG hack: 'Vindictive' couple deleted hotel chain data for fun – BBC

WordPress sites backdoored after FishPig supply chain attack • The Register


It’s only been a week or so, and already there are at least three critical holes in WordPress plugins and tools being exploited in the wild right now to compromise loads of websites.

We’ll start with FishPig, a UK-based maker of software that integrates Adobe’s Magento ecommerce suite into WordPress-powered websites. FishPig’s distribution systems were compromised and its products altered so that installations of the code semi-automatically downloaded and ran the Rekoobe Linux trojan.

Infosec outfit Sansec raised the alarm this week that FishPig’s software was acting weird: when a deployment’s control panel was visited by a logged-in Magento staff user, the code would automatically fetch and run from FishPig’s back-end systems a Linux binary that turned out to be Rekoobe. This would open a backdoor allowing miscreants to remotely control the box.

After that, the crooks could snoop on customers, alter or steal data, and so on.

Per FishPig’s disclosure, its products were altered as early as August 6, and the offending code has since been removed. We’re told that the paid-for versions were primarily affected. Free versions of FishPig modules available on GitHub were likely clean.

If you’re using FishPig’s commercial software, you should reinstall the modules from the now-cleaned distribution and check your servers for signs of compromise.

According to FishPig, it’s “best to assume that all paid FishPig Magento 2 modules have been infected.” It’s not known exactly how many customers were caught up in the supply-chain attack, though Sansec said the company’s free Magento packages have been collectively downloaded more than 200,000 times. That doesn’t necessarily mean there’s a comparable number of paid users, though it gives you an idea of the interest in FishPig’s tools.

While it’s not known exactly how the attackers broke into FishPig’s back-end servers, the outcome was…


A Recent Chinese Hack Is a Wake-up Call for the Security of the World’s Software Supply Chain – The Diplomat


No one knows, not even the ghosts (人不知,鬼不觉)
-Chinese idiom

It’s perhaps only a coincidence that there’s a famous Chinese saying that neatly summarizes a recent hack on MiMi, a Chinese messaging app. According to recent reports, a Chinese state-backed hacking group inserted malicious code into this messaging app, essentially pulling off the equivalent of the infamous SolarWinds hack. Users of MiMi were served a version of the app with malicious code added, thanks to attackers taking control of the servers that delivered the app. In short, this was a software supply chain attack in which the software delivery pipeline was compromised.

And no one knew for months.

This hack hasn’t gotten much press in Western media, potentially because it appears to be an example of Chinese state surveillance of targets outside the United States and Europe. That’s a shame, because this attack points to a growing trend of software supply chain attacks, including by the Chinese government. Consequently, Western companies and governments should take note and begin preparing defenses.

Admittedly, not all of the details are known (or will ever be known), but forensic code analysis indicates that a particular Chinese state-backed hacking group (sometimes called Lucky Mouse or Iron Tiger) likely took control of the servers from which users downloaded MiMi, a Chinese chat application aimed at Chinese-speaking users. The hackers then swapped the original software for a malicious version, adding code to the application that fetched and installed malware.


At that point the malware, unknown to the user, allowed the attackers to monitor and control the software remotely. This appears to have happened from late 2021 through the summer of 2022. Notably, neither the legitimate application nor the malware was digitally signed, so users had no way to tell the trojanized build from the genuine one.
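Both stories above come down to the same gap: the download server was the only thing standing between the user and a swapped-out build. The FishPig advice to "check for signs of compromise" and the MiMi observation that nothing was signed both point at a single control, a signed file manifest that the installer verifies before trusting what it fetched. The following Go program is an added example written for this page; it is not code from FishPig, MiMi, Sansec, The Register or The Diplomat, and Go is used because that is what most release-integrity tooling is written in. The file name, the JSON manifest format and the Ed25519 vendor key are all assumptions chosen for illustration. The program hashes a release tree into a manifest, has the vendor sign it, and then replays the two attacks the articles describe: a file altered behind an unchanged manifest (the hash diff catches it) and a manifest regenerated to match the altered file (the signature check catches it, because the attacker does not hold the signing key). An unsigned download fails the same check, which is the point the MiMi paragraph makes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"log"
	"os"
	"path/filepath"
	"sort"
)

// buildManifest hashes every file under root, keyed by slash-separated relative path.
func buildManifest(root string) (map[string]string, error) {
	m := map[string]string{}
	err := filepath.Walk(root, func(p string, info os.FileInfo, err error) error {
		if err != nil || info.IsDir() {
			return err
		}
		data, err := os.ReadFile(p)
		if err != nil {
			return err
		}
		rel, _ := filepath.Rel(root, p)
		sum := sha256.Sum256(data)
		m[filepath.ToSlash(rel)] = hex.EncodeToString(sum[:])
		return nil
	})
	return m, err
}

// canonical serialises a manifest deterministically (json sorts map keys) so vendor and consumer sign/verify the same bytes.
func canonical(m map[string]string) []byte {
	b, _ := json.Marshal(m) // cannot fail for map[string]string
	return b
}

// diffManifests lists files added, modified or missing in the installed tree relative to a known-good manifest.
func diffManifests(good, actual map[string]string) []string {
	var out []string
	for path, h := range actual {
		if gh, ok := good[path]; !ok {
			out = append(out, "added: "+path)
		} else if gh != h {
			out = append(out, "modified: "+path)
		}
	}
	for path := range good {
		if _, ok := actual[path]; !ok {
			out = append(out, "missing: "+path)
		}
	}
	sort.Strings(out)
	return out
}

// verifyRelease checks the vendor's Ed25519 signature over the shipped manifest, then checks the files on disk against it; empty result means clean.
func verifyRelease(pub ed25519.PublicKey, root string, shipped map[string]string, sig []byte) []string {
	if !ed25519.Verify(pub, canonical(shipped), sig) {
		return []string{"signature invalid or missing"}
	}
	actual, err := buildManifest(root)
	if err != nil {
		return []string{"error: " + err.Error()}
	}
	return diffManifests(shipped, actual)
}

func check(err error) {
	if err != nil {
		log.Fatal(err)
	}
}

// main writes a constructed one-file release (not real vendor code) to a temp dir, signs it, then replays the two attacks from the text.
func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	dir, err := os.MkdirTemp("", "release")
	check(err)
	defer os.RemoveAll(dir)
	check(os.WriteFile(filepath.Join(dir, "Module.php"), []byte("<?php // sample module file\n"), 0o644))
	shipped, err := buildManifest(dir)
	check(err)
	sig := ed25519.Sign(priv, canonical(shipped)) // vendor signs at release time
	fmt.Println("clean:", verifyRelease(pub, dir, shipped, sig))
	// Attack 1 (FishPig pattern): the shipped file is altered to fetch and run a
	// binary; manifest and signature are untouched, so the hash diff exposes it.
	check(os.WriteFile(filepath.Join(dir, "Module.php"), []byte("<?php /* attacker-inserted fetch-and-run stub */\n"), 0o644))
	fmt.Println("tampered:", verifyRelease(pub, dir, shipped, sig))
	// Attack 2 (MiMi pattern): the attacker regenerates the manifest to match the
	// tampered file but cannot re-sign it without the vendor's private key.
	forged, err := buildManifest(dir)
	check(err)
	fmt.Println("forged:", verifyRelease(pub, dir, forged, sig))
}
```

The split into two checks matters in practice: the hash diff alone is what you can run today against a vendor that does not sign (compare the paid install with a clean copy, as the FishPig note about the GitHub versions suggests), while the signature is what stops a compromised distribution server from simply shipping a matching manifest alongside the trojanized files. The public key has to reach the consumer by a path the download server does not control, otherwise the attacker replaces both.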

Observers could be forgiven for…
