The increasing number of software supply chain attacks has reached an alarming state and created a devastating experience for a company. It is reported that 3 out of 5 companies faced software supply chain attacks, some of which were major, and some could not create much impact. Let us learn more about the significant attacks we saw in the last decade.
These are unprecedented attacks when hackers infiltrate a software's coding and hamper its quality before reaching consumers. In significant cases, attackers prefer to exploit well-established open-source software and compromise its natural functioning to usurp customers' data or the entire IT system.
The main reason for this kind of attack is the high competition of business organizations to stay ahead of their peers. They tend to expedite the software release cycle and don't provide adequate time for the developers and QAs to find any vulnerability before its launch. So, the newly launched software lacks the developers' patch or hotfix and becomes susceptible to hackers' attacks.
However, one thing is essential to note: conducting software chain attacks requires years of technical aptitude. So, they are not easy to execute. But organizations must stay alert when they take service from third-party software providers. Many third-party software providers ask for access and demand frequent communication between the vendor's network and its software installed on customers' systems. This may lead to software supply attacks and various malicious activities such as financial loss, data manipulation, etc.
SolarWinds have faced one of the most distressing damage due to software supply chain attacks recently. SolarWinds is a software organization that majorly deals in system management tools for IT professionals. Its most popular product is Orion, a Network Management System. According to the experts, software delivered by SolarWinds was affected by malware which collected sensitive information wherever it was installed. Attackers placed Sunspot malware into Orion, which was used by over 18,000 Government and private customers. The attacker was closely linked with the Russian Foreign Intelligence Service.
The result was devastating as 20% of US Government organizations were affected, and even their emails were missing from the systems.
Kaseya is an international company that provides IT solutions, compliance systems, a service desk, and a reliable automation platform. REvil group injected ransomware in Kaseya's VSA software, resulting in downtime for 1000 companies. The attacking group demanded a $70 million ransom to deliver a universal decryptor that would unlock ransomware-affected systems. But luckily, Kaseya did not have to pay the ransom as it got help from a third party to restore files.
This is one of the high-profile software supply chain attacks of the decades for its uniqueness of approaches. ASUS users were targeted in this attack, and nearly 1 million were affected. These users fell victim to the attacker's critical code signing keys. The executable files were downloaded from a reputable and well-known corporation's official website, even though some looked to contain dangerous malware. The binary was modified by malicious attackers, according to experts.
A.P. Moller-Maersk, a global shipping firm, was highly affected by the NotPetya virus, which resulted in the entire operation being put on hold. Their phones were not connecting, and terminal gates also stopped working.
The impact was dreadful as around 4,000 servers and 45,000 personal computers were inaccessible. The company couldn't have done anything in over a week.
The reason behind this attack was that the least three versions of the third-party accounting software they used had backdoors that gave the NotPetya malware access to the source code. The damage that it caused cost around $10 billion.
The famous computer cleaning application CCleaner has been plagued with malware for over a month. People were downloading software updates from Avast, the security company that owns CCleaner, which contained a backdoor for malware. Millions of computers were endangered by carelessness. People were shocked at such supply chain attacks, even from trustworthy and widely-used software.
Avast, the most significant threat detection network, found a malicious server associated with MonPass. According to Avast, the security breach happened earlier than the attack. Attackers first corrupted the website, then spread installer backdoored with Cobalt Strike Beacon. The research team of Avast also found that some other types of malware came from a trusted party.
As a measure to address the issue, MonPass reported to a licensing authority. The authority took instant action and reached all users who downloaded the backdoor client.
Copay is a BCH cryptocurrency wallet and also an open-source crypto wallet run by BitPay. It runs using JavaScript, which depends on a third-party open source library. Hackers intrusively applied some harmful code to the Node.Js JavaScript software package. This highly impacted Copay and stole cryptocurrency from its wallet.
Experts believe this was a classic supply chain attack where a malefactor manipulated a third-party library. They also blamed the open-source software for this attack. One can not be sure if open-source software works as it used to in its earlier versions. That is why we need to be alert while using any open-source software.
ShushiSwap is a DeFi platform that helps users earn, lend, and borrow crypto assets. A software supply chain attack attacked the company's MISO platform. The attacker was with the GitHub handle and intrusively accessed the code of the project repository. A malicious code commit was generated on the platform's front end.
The attacker stole $3 million on Ethereum using a GitHub commit and affected a large number of consumers to get involved. The hacker installed his wallet address in the MISO platform and replaced the auction wallet at the auction creation. He successfully stole 864.8 Ethereum coins from his wallet.
Passwordstate is an organization where various companies keep their organization passwords safe. It had to face a software supply chain attack to steal passwords from its users. There were around 30 thousand users of it in the USA and Australia. The company warned its customers about this and advised them to change their passwords.
The attacker manipulated the update functionality and inserted a potentially harmful DLL to access confidential data such as usernames, passwords, etc. It is unknown how many customers got affected due to this supply chain attack.
Mimecast is an email security service provider that helps customers apply their Microsoft 365 accounts to connect to the Mimecast server. In 2021, it declared that one of its certificates necessary to authenticate customers' Microsoft365 Exchange web service was manipulated. Some threat actors behind SolarWind compromised its certificate and gave access to its customers' cloud service. The attack made numerous customers of Mimecast vulnerable and susceptible to long-term repercussions.
According to Argon Security's report, software supply chain attacks increased more than 300% from 2020 to 2021. With the rising number of attacks, experts pointed out that we need to remember a few crucial lessons to avoid them in the future:
Lesson 1: Security and Threat Detection Software are Important
Lesson 2: Lessen the Third-Party Access to Company's Data
Lesson 3: Use of Cyber Risk Management in Vendor Contract
Lesson 4: Third-Party Should Have Cyber Security
In conclusion, software supply chain attacks can be avoided if proper precautions are taken. You need to prepare for the worst things and plan accordingly. Work with your IT teams and discuss how these attacks can be limited. If your third party doesn't have cybersecurity coverage, ask them to think about it or switch to another party for a better and more secure service.
At We45, we can be your most trusted ally in product security. We can help to fortify your system against external threats and attacks and provide a complete end-to-end, tailored security solution.