Newsletter
November 29, 2022
Supply Chain Attack
Supply chain attacks are an emerging threat that targets software developers and suppliers. The objective is to gain access to source code, build processes, or update mechanisms by infecting legitimate apps so that they distribute malware. The threats are alarming and continue to hit the cyber market. Supply chain attacks are diverse and impact many industries. For example, the manufacturing industry has seen major cyber security attacks in which a company's manufacturing processes were tampered with through either hardware or software.
Through weak links in the supply chain, criminals gain access to an organization's data and systems and from there infiltrate its entire digital infrastructure. Malware installed at any stage of the supply chain can cause disruptions or outages of an organization's services. Therefore, manufacturers must be aware of the common sources of supply chain attacks, for example commercial software, open-source supply chains, and foreign products.
How can TSAROLABS help manufacturers mitigate the risk of supply chain attacks?
- Evaluate the Risk of Third Parties by complying with appropriate cybersecurity regulations, conducting self-assessments and audits, and investing in proper cyber insurance.
- Limit Users' Ability to Install Shadow IT (Unapproved Software) and Audit Unapproved Shadow IT Infrastructure
- Include Appropriate Termination Clauses in Vendor Contracts
- Review Access to Sensitive Data
- Secure IoT Devices
- Continually Monitor and Review Cybersecurity
- Build Secure Software Updates as Part of the Software Development Life Cycle
- Use Strong Code Integrity Policies To Allow Only Authorized Apps To Run
- Use Client-Side Protection Tools to Filter Downloaded Content, Detecting and Blocking Malicious Code Before It Is Installed on a Machine on Your Network
Know the rapidly evolving threats to stay ahead of the curve!
Hundreds of U.S. news sites push malware in a supply-chain attack
Hackers are using the compromised infrastructure of an undisclosed media company to deploy the SocGholish JavaScript malware framework (also known as FakeUpdates) on the websites of hundreds of newspapers across the U.S.
Dozens of PyPI packages were caught dropping 'W4SP' info-stealing malware.
Researchers have discovered over two dozen Python packages on the PyPI registry pushing info-stealing malware.
Most of these contain obfuscated code that drops the "W4SP" info-stealer on infected machines, while others use malware purportedly created for "educational purposes" only.
Hackers breach software vendors for Magento supply-chain attacks.
Attackers have injected malware into multiple extensions from FishPig, a vendor of Magento-WordPress integrations with over 200,000 downloads.
The intruders took control of FishPig's server infrastructure and then added malicious code to the vendor's software to gain access to websites using the products, in what is described as a supply-chain attack.