
Supply Chain Attack

Newsletter

November 29, 2022


Supply chain attacks are an emerging threat that targets software developers and suppliers. The objective is to access source code, build processes, or update mechanisms by infecting legitimate apps to distribute malware. These threats are alarming and continue to hit the market. Supply chain attacks are diverse and impact various industries. For example, the manufacturing industry has witnessed massive cyber security attacks in which a company’s manufacturing processes are tampered with, through either hardware or software.

Weak links in the supply chain give criminals access to an organization’s data and systems, from which they can infiltrate its overall digital infrastructure. Malware installed at any stage of the supply chain can cause either disruptions or outages of an organization’s services. Therefore, manufacturers must be aware of the common sources of supply chain attacks, for example, commercial software, open-source supply chains, and foreign products.

How can TSAROLABS help manufacturers Mitigate the Risk of Supply Chain Attacks?

Know the rapidly evolving threats to stay ahead of the curve!

Hundreds of U.S. news sites drive malware in the supply-chain attack

Hackers are using the compromised infrastructure of an undisclosed media company to deploy the SocGholish JavaScript malware framework (also known as FakeUpdates) on the websites of hundreds of newspapers across the U.S.

Dozens of PyPI packages were caught dropping 'W4SP' info-stealing malware.

Researchers have discovered over two dozen Python packages on the PyPI registry pushing info-stealing malware.
Most of these contain obfuscated code that drops "W4SP" info-stealer on infected machines, while others use malware purportedly created for "educational purposes" only.

Hackers breach software vendors for Magento supply-chain attacks.

Attackers have injected malware into multiple extensions from FishPig, a vendor of Magento-WordPress integrations that count over 200,000 downloads.
The intruders took control of FishPig's server infrastructure. Then, they added malicious code to the vendor's software to gain access to websites using the products, in what is described as a supply-chain attack.


MFA & Password Managers

In this newsletter we are going to look at the different types of MFA, and at password managers and how safe they are in light of the recent attack on LastPass (a password manager).

So, let’s dive in.

Understanding different forms of MFA

MFA can take several different forms, including:

  • Inputting an extra PIN (personal identification number) as well as your password
  • The answer to an extra security question like “What town did you go to high school in?”
  • A code sent to your email or texted to your device that you must enter within a short span of time
  • Biometric identifiers like facial recognition or fingerprint scan
  • A standalone app that requires you to approve each attempt to access an account
  • An additional code either emailed to an account or texted to a mobile number
  • A secure token – a separate piece of physical hardware, like a key fob, that verifies a person’s identity with a database or system

Here are some types of accounts that often offer MFA. Check to see if you can turn MFA on:

  • Banking
  • Email
  • Social media
  • Online stores

You may ask, can MFA be hacked?

While MFA is one of the best ways to secure your accounts, there have been instances where cybercriminals have gotten around MFA. However, these situations typically involve a hacker seeking MFA approval to access an account multiple times and the owner approving the log-in, either due to confusion or annoyance.

Therefore, if you are receiving MFA log-in requests and you aren’t trying to log in, do not approve the requests! Instead, contact the service or platform right away. Change your password for the account ASAP. Also, if you reused that password, change it for any other account that uses it (this is why every password should be unique).

Don’t let this deter you, though. MFA is typically very safe, and it is one of the best ways you can bolster the security of your data!
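The repeated-prompt pattern described above can also be spotted on the service side. The following is an added example, not part of the original newsletter: it scans constructed push-MFA events for a burst of denied or unanswered prompts, and raises the severity when the burst ends in an approval. The event format, the threshold and the window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, user, push outcome.
SAMPLE_EVENTS = [
    ("2022-11-29T02:10:05", "alice", "denied"),
    ("2022-11-29T02:10:40", "alice", "denied"),
    ("2022-11-29T02:11:15", "alice", "timeout"),
    ("2022-11-29T02:11:50", "alice", "denied"),
    ("2022-11-29T02:12:30", "alice", "approved"),
    ("2022-11-29T09:00:00", "bob", "timeout"),
    ("2022-11-29T09:00:30", "bob", "approved"),
    ("2022-11-29T14:00:00", "carol", "denied"),
    ("2022-11-29T14:01:00", "carol", "denied"),
    ("2022-11-29T14:02:00", "carol", "denied"),
]

def detect_push_fatigue(events, threshold=3, window=timedelta(minutes=10)):
    """Return {user: severity} for bursts of unapproved push prompts.

    "medium": a burst was seen, so someone else probably knows the password.
    "high":   the burst ended in an approval, so the account may be taken over.
    """
    recent = defaultdict(deque)  # user -> times of recent unapproved prompts
    alerts = {}
    for ts, user, outcome in sorted(events):
        now = datetime.fromisoformat(ts)
        prompts = recent[user]
        while prompts and now - prompts[0] > window:
            prompts.popleft()  # forget prompts older than the window
        if outcome in ("denied", "timeout"):
            prompts.append(now)
            if len(prompts) >= threshold:
                alerts.setdefault(user, "medium")
        elif outcome == "approved":
            if len(prompts) >= threshold:
                alerts[user] = "high"
            prompts.clear()  # a normal login resets the counter
    return alerts

if __name__ == "__main__":
    for user, severity in detect_push_fatigue(SAMPLE_EVENTS).items():
        print(f"{user}: {severity} - reset password and review sessions")
```

Both severities call for the password change recommended above, because prompts only reach the user after the first factor has already been entered correctly.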


Password Managers:

A common question is if password managers are worth the risk of using them.

The answer, in my opinion, is yes. I believe that the increase in risks a person will get from using a password manager is offset by all the advantages, which decrease and thoroughly offset the risks from the disadvantages.

Let’s look at the risks and advantages of using a password manager. They can be summed up as:

ADVANTAGES

  • Creates and allows the use of perfectly random passwords
  • Creates and allows the far easier use of different passwords for every site and service
  • Can be used to prevent password phishing
  • Can be used to simulate some MFA solutions so users do not need separate MFA programs or tokens
  • Can be shared among devices so passwords are where the user needs to use them
  • Passwords can be more easily and securely backed up
  • All passwords may be protected by MFA login requirement to password manager
  • May warn user of compromised passwords that the user was not otherwise aware of
  • Will warn user of identical passwords used between different sites and services
  • Can be shared with trusted person(s) in times of need, when original user is temporarily or permanently incapacitated or unavailable

It is a very real risk that someone’s password manager could get compromised, and from that compromise, all of the user’s passwords to all stored sites and services are stolen very quickly at once. That is a huge risk that must be measured and weighed by the admins or users who are using password managers.

DISADVANTAGES

  • User must obtain and install password manager
  • User must learn how to use password manager
  • It may take a user longer to create or input a password using a password manager (but not always true)
  • Subject to attacks
  • Password managers do not work with all programs or devices
  • If access to the password manager cannot be done (e.g., corruption, lost login access, etc.), the user loses all access to all login information contained therein at once
  • If attacker compromises the password manager, the attacker can possibly access and obtain all of the user’s passwords (and sites they belong to) at once

It is the last issue that presents the biggest risk in most concerned users’ minds: a single point of failure.

 

WHY EVERYONE SHOULD USE A PASSWORD MANAGER FOR THEIR PASSWORDS

Despite this big risk, I think everyone should use a password manager for their passwords (if phishing-resistant MFA cannot be used). This is because the two biggest risks to passwords (after social engineering theft) are passwords stolen from a site or service that the user uses and weak passwords that can be guessed and hacked. According to the National Institute of Standards and Technology (NIST) and other password authorities, the biggest risk of passwords is password reuse across non-related websites and services and users creating “password patterns”, which can be predicted by hackers.

The average user has four to seven passwords that they use across over 170 sites and services. Those are a lot of identical passwords being used where they should not be. The problem is that once a hacker compromises one or a few of your websites (which you often are not even aware of), the hacker gets your passwords and then uses them across your other sites and services. One or a few compromises lead quickly to a whole bunch more compromises. This is considered the major password risk after social engineering your password. And password managers get rid of this risk.


SOCIAL ENGINEERING IS THE BIGGEST RISK

The biggest risk of any password is the user being social engineered out of it. Password theft from social engineering is involved in about half of all successful password attacks. Most password managers allow you to log into your site or service from within the password manager and the password manager will only take you to the true, legitimate site or service. This prevents the most common type of password social engineering attack, where the attacker sends you a social engineering email containing a rogue URL link, which tries to trick you into revealing your legitimate credentials to a bogus, fake website.
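Why a password manager does not hand a login to a look-alike page, as an added example that is not from the original newsletter: a simplified model in which a saved credential is bound to the exact origin (scheme, host, port) it was saved for. The vault entry, host names and links are constructed, and real products differ in how strictly they match.

```python
from urllib.parse import urlsplit

# Constructed vault (hypothetical site and credential): saved origin -> login.
VAULT = {("https", "login.example-bank.test", 443): ("alice", "constructed-secret")}

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin_of(url):
    """Reduce a URL to (scheme, host, port); None if it is not a web origin."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    try:
        port = parts.port
    except ValueError:  # malformed or out-of-range port
        return None
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]
    # .hostname is lowercased and excludes any "user@" prefix in the URL
    return (parts.scheme, parts.hostname.rstrip("."), port)

def autofill(url, vault=VAULT):
    """Release the saved login only when the page origin matches exactly."""
    return vault.get(origin_of(url))

# Constructed links of the kind a social engineering email might carry.
LINKS = [
    "https://login.example-bank.test/signin",               # the real site
    "https://login.example-bank.test.evil.example/signin",  # real name as a prefix
    "https://login.examp1e-bank.test/signin",               # digit 1 for letter l
    "https://login.example-bank.test@evil.example/signin",  # real name as userinfo
    "http://login.example-bank.test/signin",                # no TLS
]

def links_that_fill(links=LINKS):
    """Return the links for which the manager would offer the saved login."""
    return [url for url in links if autofill(url) is not None]

if __name__ == "__main__":
    for url in LINKS:
        print("FILL  " if autofill(url) else "REFUSE", url)
```

Only the first link is filled; the absence of an autofill offer on the others is the signal that the page is not the site the password was saved for.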

So, to review the benefits of password managers: they mitigate the biggest password attacks (e.g., social engineering, guessing/cracking and reuse). Any password expert would tell you those three types of password attacks present the majority of password risks. And for that reason, everyone should use a password manager, or at least strongly weigh it against the big risk of a single point of failure.

It is up to you whether you put your faith, or the faith of your users, into a password manager. Try to get them moved over to phishing-resistant MFA, if you can, first. But if the site or service will not work with phishing-resistant MFA, consider using a password manager. They are becoming more recommended by more password experts every day.

Thanks for reading.

Cybersecurity: Address it completely to avoid regrets

Cybersecurity is nowadays the most crucial issue. Digital platforms and mobile servers hold a large amount of data that requires constant protection from cyber crimes and online fraud. Criminal offenses are increasing daily, and most people’s data is at stake. Lately, Optus reported a serious cyberattack involving a data breach affecting almost 90% of the Australian population, and Tata Power has also reported a cyberattack.

TSARO LABS is trying to stop cyber crimes. Its development approach provides stable, secure, and performant solutions with increased security uptake in prevention, detection, and resolution using AGILE practices and tools.

Tata Power

One of the leading power generation companies in India, Tata Power recently reported a cyberattack.

In a brief statement released on Friday, the Mumbai-based company said that the attack impacted some of its IT systems.

“The company has taken steps to retrieve and restore the systems. All critical operational systems are functioning; however, as a measure of abundant precaution, restricted access, and preventive checks have been put in place for employee and customer-facing portals and touchpoints,” it said in its filing with local stock exchanges.

War-front

Microsoft reported that the Prestige ransomware is used as a weapon to target transportation and logistics organizations in Ukraine and Poland in ongoing attacks.

This new ransomware was first used in the wild on October 11, in attacks detected within an hour of each other.

Attackers were seen deploying the ransomware payloads across their victims’ enterprise networks, a tactic very rarely seen in attacks targeting Ukrainian organizations.

Update from INTERPOL

INTERPOL has arrested over 70 suspected members of the ‘Black Axe’ cybercrime syndicate, with two believed to be responsible for $1.8 million in financial fraud.

The suspects were arrested as part of ‘Operation Jackal,’ an international law enforcement operation conducted between September 26 and 30, 2022, in South Africa.

Black Axe was founded in 1977 in Nigeria and is mentioned as one of the most brutal and dangerous crime syndicates.

CLFS

A flaw has recently been reported in the Common Log File System (CLFS) that an attacker could use to gain login permission on restricted machines.

The company noted in its advisory that “An attacker must already have access and the ability to run code on the target system.” “This technique does not allow for remote code execution in cases where the attacker does not already have that ability on the target system.”
