Tag Archive for: supply

WordPress sites backdoored after FishPig supply chain attack • The Register


It’s only been a week or so, and already there are at least three critical holes in WordPress plugins and tools that are being exploited in the wild right now to compromise loads of websites.

We’ll start with FishPig, a UK-based maker of software that integrates Adobe’s Magento ecommerce suite into WordPress-powered websites. FishPig’s distribution systems were compromised and its products altered so that installations of the code semi-automatically downloaded and ran the Rekoobe Linux trojan.

Infosec outfit Sansec raised the alarm this week that FishPig’s software was acting weird: when a deployment’s control panel was visited by a logged-in Magento staff user, the code would automatically fetch a Linux binary from FishPig’s back-end systems and run it, and that binary turned out to be Rekoobe. This would open a backdoor allowing miscreants to remotely control the box.

After that, the crooks could snoop on customers, alter or steal data, and so on.

Per FishPig’s disclosure, its products were altered as early as August 6, and the offending code has since been removed. We’re told that the paid-for versions were primarily affected. Free versions of FishPig modules available on GitHub were likely clean.

If you’re using FishPig’s commercial software, you should reinstall the tools and check for signs of compromise.

According to FishPig, it’s “best to assume that all paid FishPig Magento 2 modules have been infected.” It’s not known exactly how many customers were caught up in the supply-chain attack, though Sansec said the company’s free Magento packages have been collectively downloaded more than 200,000 times. That doesn’t necessarily mean there’s a comparable number of paid users, though it gives you an idea of the interest in FishPig’s tools.

While it’s not known exactly how the attackers broke into FishPig’s back-end servers, the outcome was…

Source…

A Recent Chinese Hack Is a Wake-up Call for the Security of the World’s Software Supply Chain – The Diplomat


No one knows, not even the ghosts (人不知,鬼不觉)
-Chinese idiom

It’s perhaps only a coincidence that there’s a famous Chinese saying that neatly summarizes a recent hack on MiMi, a Chinese messaging app. According to recent reports, a Chinese state-backed hacking group inserted malicious code into this messaging app, essentially pulling off the equivalent of the infamous SolarWinds hack. Users of MiMi were served a version of the app with malicious code added, thanks to attackers taking control of the servers that delivered the app. In short, this was a software supply chain attack in which the software delivery pipeline was compromised.

And no one knew for months.

This hack hasn’t gotten much press in Western media, potentially because this appears to be an example of Chinese state surveillance on targets that aren’t in the United States or Europe. That’s a shame because this attack points to a growing trend of software supply chain attacks, even by the Chinese government. Consequently, Western companies and governments should take note and begin preparing defenses.

Admittedly, not all of the details are known (or will ever be known), but forensic code analysis indicates that a particular Chinese state-backed hacking group (sometimes called Lucky Mouse or Iron Tiger) likely took control of servers that allowed users to download the MiMi Chinese chat application, which is aimed at Chinese-speaking users. The hackers then switched out the original software with a malicious version, adding code into the application that fetched and installed malware.


At that point, the malware, unknown to the user, allowed the attackers to monitor and control the software remotely. This appears to have happened in late 2021 and through the summer of 2022. Interestingly, neither the legitimate application nor the malware was digitally signed, which meant that users had no way of knowing that this software was malicious.

Observers could be forgiven for…

Source…

HPE extends Trusted Supply Chain initiative globally for ProLiant servers


Hewlett Packard Enterprise Co. is making a global push for supply chain security in its server line.

Two years ago, HPE launched its Trusted Supply Chain initiative to advance end-to-end security in servers for U.S. federal and public sector customers. This month, HPE is announcing an expansion of this program globally for its ProLiant server portfolio.

“We have launched a comparable service globally called HPE Server Security Optimization Service for ProLiant,” said Cole Humphreys, global server security product manager at HPE. “We can deliver it in the European markets and now in the Asia-Pacific markets. It is a big deal for us, because now we have activated a meaningful supply chain security benefit for our entire global network of partners and customers.”

Humphreys spoke with Lisa Martin, industry analyst for theCUBE, SiliconANGLE Media’s livestreaming studio. He was joined by Ann Potten, trusted supply chain program lead at HPE, and they discussed the rising costs of cybercrime, a 360-degree approach to computer security, new tools for component tracking, and protection for hardware at end-of-life.

Supply chain risk

HPE’s drive for meaningful supply chain security comes at a time when the topic is generating significant enterprise interest. Recent compromises of the software supply chain, through exploits such as the SolarWinds attack, have led to greater awareness of software and hardware components.

HPE’s Trusted Supply Chain initiative in 2020 focused on providing customers with cyber assurance to ensure they were receiving verifiably authentic and uncompromised products. The cost of ransomware attacks and breaches has escalated since then, and HPE is seeking to expand enterprise protection.

“It’s estimated that cybercrime cost will reach over $10.5 trillion by 2025 and will be even more profitable than the global transfer of all major illegal drugs combined,” Potten said. “The SolarWinds software supply chain was attacked two years ago, which unfortunately went unnoticed for several months. These things together and coming from multiple directions presents a cybersecurity challenge for an…

Source…

Why Hackers are Increasingly Targeting Digital Supply Chains


For a large majority of the world, the SolarWinds hack in December 2020 was the first real introduction to digital supply chains and their vulnerabilities. But the reality is that hackers increasingly have been vested in software supply chain attacks, which increased 650% from July 2019 to May 2020 alone.

Likewise, data from Netscout’s 2H 2021 Threat Intelligence Report shows that hackers remain laser-focused on attacking the digital supply chain. Specifically, there was a 606% increase in attacks against software publishers from 1H 2021, as well as a 162% increase in attacks on computer manufacturers and a 263% increase against computer storage manufacturing.

When hackers focus so much attention on attacking a particular area, it’s important to understand what it is and how your company can protect against such attacks.

Why Hackers Attack Supply Chains

A supply chain attack enables malefactors to compromise enterprise networks by attacking connected applications or services owned or used by outside partners, such as suppliers. Using the SolarWinds attack as an example, hackers focused their attentions on SolarWinds in order to gain access to a list of lucrative suppliers and customers.

In other words, a supply chain attack may start several companies removed from the intended target, making it harder to spot. Such attacks also are becoming harder to trace because many are carried out using open-source tools that are publicly available.

Perhaps more frustratingly, companies often don’t consider the risk serious enough to protect themselves against it. In a survey of executives from leading companies in the UK, 91% said cyberattacks are a high or very high risk to their business. Nevertheless, nearly a third admit to taking no action on supply chain security, and only 69% say they’re actively managing supply chain risks.

In its November 2021 report on supply chain cybersecurity, the UK’s Department for Digital, Culture, Media & Sport (DCMS) found that the biggest challenges to acting on digital supply chain risks were establishing control of the supply chain (86%) and the need to improve, evolve, and maintain security (85%). Likewise,…

Source…