

A new blog post today from application security testing firm Checkmarx Ltd. details the first known open-source supply chain attacks against the banking sector.
An open-source software supply chain attack is a cybersecurity threat where attackers infiltrate software systems by exploiting vulnerabilities in the open-source components the software relies on. In the first half of 2023, Checkmarx’s Supply Chain research team detected several attacks using this method that specifically targeted the banking sector.
The supply chain attacks are said to have exhibited advanced and highly sophisticated techniques. Those behind the attacks targeted specific components within the web assets of the targeted banks, attaching malicious functionalities to these elements. The use of such targeted, component-specific strategies is noted in the report to signal a shift toward more precision-oriented cyberattacks, indicating a high level of planning and execution on the part of the cyber criminals.
Because cybercriminals are always trying to avoid attention, the attacks employ an array of deceptive tactics. Some of the attacks involved the creation of fake LinkedIn profiles to maintain a façade of credibility, a step designed to trick even the most vigilant observers.
The attackers also set up customized command-and-control centers for each of their targets, highlighting a high level of customization in their attack strategies. The report argues that this degree of personalization calls for vigilance and reinforced cybersecurity measures from the banking sector.
Additionally, the Checkmarx team uncovered the use of the Havoc Framework to bypass stringent security measures. The Havoc Framework is an open-source command-and-control (C2) framework that threat actors use as an alternative to Cobalt Strike and Brute Ratel. The threat actors upload carefully crafted payloads of malicious code to Node Package Manager (npm) that blend in with a victim’s website, making the malicious code very difficult to detect.
“Our primary intention with this blog [post] is to shine a light on the Tactics, Techniques and Procedures we’ve observed and foster collective understanding and awareness of these emerging threats,” the post concludes. “The need of the hour is to stay vigilant, continuously evolve our defenses and stay a step ahead of the threat actors.”