Checkmarx Discovers Supply Chain Attacks Targeting Banks

Checkmarx has discovered a new, sophisticated cyberthreat targeting the banking sector.

Researchers from a security testing firm have detected two different open source software supply chain attacks targeting financial institutions. These attacks involve sophisticated techniques and deceptive tactics that have set off alarm bells among cybersecurity experts.

Attack 1: NPM

The first attacks occurred on April 5th and 7th, when attackers abused the NPM platform by uploading packages whose preinstall scripts were designed to run malicious code as soon as the package was installed.

Notably, the accounts that published these packages were linked to fake LinkedIn profiles posing as employees of the targeted banks, lending the packages a false air of legitimacy. The banks were unaware of the activity and quickly became victims.

This multi-stage attack involved identifying the victim's operating system, decrypting encrypted files bundled inside the NPM package, and downloading a second-stage malicious binary onto the victim's system. The Linux-specific encrypted files evaded detection by widely used antivirus services and allowed the attacker to remain covertly present on the victim's Linux system.

Additionally, the attackers took advantage of Azure’s CDN subdomains to deliver second-stage payloads and abused legitimate domains to bypass traditional defense mechanisms.

Havoc Framework, a powerful post-exploitation command-and-control tool, played a key role in evading detection once the second stage was running.

Attack 2: Payload blended into the bank's website

In February 2023, another group of cybercriminals used a unique approach to target another bank.

The attack involved uploading a package to NPM containing a carefully crafted payload designed to blend into the targeted bank's website. The malicious code lies dormant and, once activated, intercepts login data and sends it to a remote location.

Evolving Supply Chain Security

These attacks highlight the inadequacy of traditional vulnerability scanning at the build level. A malicious open source package is not a vulnerability waiting to be exploited: the moment it enters the software development pipeline and its install script runs, the compromise has already happened, and countermeasures applied later in the build are too late.

Industry-wide collaboration and proactive security measures throughout the software development lifecycle (SDLC) are essential to better defending against these evolving threats.

Organizations should distinguish between normal vulnerabilities and malicious packages and employ an integrated security architecture to proactively prevent intrusions.

More Attacks Expected

Experts predict the trend of attacks against the banking sector’s software supply chain will continue.

As cyber threats become more sophisticated, continuous vigilance, adaptation and knowledge sharing remain critical to safeguarding the cybersecurity ecosystem. The banking industry in particular needs to recognize the urgent need to strengthen its defenses against these relentless adversaries.

Collaborative efforts and proactive security measures are key to maintaining a safe and secure software supply chain environment. By staying ahead of emerging threats and learning from past attacks, the industry can build a stronger and more resilient cybersecurity environment.

(Image credit: Checkmarx)

