Executive Viewpoint 2018 Prediction: WatchGuard Technologies – Hackers Will Skirt Security with Software Supply-chain Attacks
Supply-chain tactics have been a rapidly growing trend among many cyber-attacks over the years. What are supply-chain attacks? Savvy criminals leverage the increased privileges you often extend to your business partners and the inherent trust you place in your software applications in order to avoid detection as they gain access to your organization. Perhaps the most notorious supply-chain attack would be the Target breach, which was carried out through an unknowing HVAC partner several years back. However, 2017 saw a noticeable increase in attacks that take advantage of one specific supply-chain – your software update supply-chain.
Today, many legitimate software packages offer update mechanisms, which are often automated. When you trust a particular software package, you usually trust these update mechanisms, especially because security experts often recommend that businesses should continually update software to patch potential vulnerabilities before they result in a breach. Unfortunately, 2017 saw at least three very public incidents in which sophisticated threat actors exploited legitimate software update supply-chains to deliver malware.
The first was NotPetya, where attackers leveraged a popular Ukrainian tax and accounting program’s update process to deliver fake ransomware that affected a large number of organizations around the world. Next, hackers infected the official, digitally signed installer for CCleaner—a very popular Windows utility—to deliver sophisticated malware. Unfortunately, over 2.7 million users downloaded the infected installer, making it an especially damaging attack. Finally, cyber criminals also infected a fairly popular Mac video program called Elmedia Player with an OS X Trojan. These attacks were all over the news this year, bringing greater attention to the perils of software supply-chain hacks today.
In 2018, we expect to see a continued increase in these types of attacks. As network and endpoint security solutions get more sophisticated, criminals have to find new advanced techniques to evade detection. Many operating systems and security products treat software carrying an official digital signature from a known and trusted vendor differently than unknown programs. Attaching malware to these legitimate, signed programs is one effective way for hackers to skirt malware security controls. Though these sorts of software supply-chain attacks require hackers to deeply infiltrate software vendors, we expect sophisticated attackers to continue to target the software supply-chain in 2018 and beyond.
So, what can you do?
Depending on how it’s delivered, malware sent through a legitimate update channel may evade network-based antivirus (AV) and malware detection solutions. However, once malware is installed locally, endpoint security solutions can detect it. Consider deploying advanced threat solutions for endpoints, as they can be an effective way to identify and stop malware delivered through the software supply-chain. Additionally, when thinking about preventing software supply-chain attacks, take a second look at your AV solution. Advanced AV services that use behavioral analysis are more likely to detect malicious behaviors added to otherwise good and trusted software than traditional, signature-based AVs.
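The behavioral angle above, as an added illustration that is not part of the original post or any WatchGuard product: a small baseline check over constructed endpoint telemetry for a hypothetical vendor ("Acme"). A validly signed updater passes signature-based controls, so the check instead flags signed binaries that spawn script hosts or contact destinations outside the vendor's known behavior.

```python
import ipaddress

# Constructed endpoint telemetry for a hypothetical signed updater ("Acme"); not real logs.
SAMPLE_EVENTS = [
    {"ts": 1, "signer": "Acme Software Inc", "event": "process_create", "target": r"C:\Program Files\Acme\AcmeApp.exe"},
    {"ts": 2, "signer": "Acme Software Inc", "event": "net_connect", "target": "updates.acme.example"},
    {"ts": 3, "signer": "Acme Software Inc", "event": "process_create", "target": r"C:\Windows\System32\cmd.exe"},
    {"ts": 4, "signer": "Acme Software Inc", "event": "net_connect", "target": "203.0.113.7"},
    {"ts": 5, "signer": None, "event": "process_create", "target": r"C:\Windows\System32\cmd.exe"},
]

# Per-signer behavioural baseline (constructed; in practice learned from history):
# what the trusted vendor's binaries normally spawn and where they normally connect.
BASELINE = {
    "Acme Software Inc": {
        "process_create": {r"C:\Program Files\Acme\AcmeApp.exe"},
        "net_connect": {"updates.acme.example"},
    }
}

SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "mshta.exe", "rundll32.exe"}

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def classify(event, baseline=BASELINE):
    """Flag an event from a trusted signer that leaves that signer's baseline.
    Unsigned or unknown signers return None: ordinary signature-based controls
    cover them, and this check targets validly signed but trojanised software."""
    allowed = baseline.get(event["signer"])
    if allowed is None:
        return None
    kind, target = event["event"], event["target"]
    if target in allowed.get(kind, set()):
        return None
    severity = "medium"
    if kind == "process_create" and target.rsplit("\\", 1)[-1].lower() in SCRIPT_HOSTS:
        severity = "high"   # trusted updater launching a script host
    elif kind == "net_connect" and is_ip_literal(target):
        severity = "high"   # hard-coded IP instead of the vendor's update host
    return {"ts": event["ts"], "severity": severity, "signer": event["signer"],
            "detail": f"{kind} outside baseline: {target}"}

def scan(events, baseline=BASELINE):
    """Return the findings for a batch of events, preserving their order."""
    return [f for e in events if (f := classify(e, baseline))]
```

Running `scan(SAMPLE_EVENTS)` yields two high-severity findings (the cmd.exe launch and the raw-IP connection) while the routine app launch and update-host connection stay silent.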