Researchers have reported what they describe as the first open-source software (OSS) supply chain attacks targeting the banking sector. According to the reports, the attacks allowed the hackers to discreetly overlay the targeted banks' websites with their own code.
These incidents came to light while organisations worldwide were still recovering from the fallout of the MOVEit Transfer vulnerability.
The OSS supply chain attacks appeared in the first half of 2023.
Investigators found that both attacks took place in the first half of 2023 and used sophisticated techniques, such as targeting specific components of a bank's web assets and appending malicious functionality to them.
The first supply chain attack took place between April 5 and 7. The threat actors posed as employees of the targeted bank and uploaded malicious packages containing a preinstall script to the NPM registry; a preinstall script runs automatically whenever the package is installed. To avoid suspicion, the attackers also created a fake LinkedIn page for the fictitious bank employee.
On execution, the script identified the host's operating system and then downloaded second-stage malware from a remote server via an Azure subdomain that incorporated the bank's name.
In the second phase of the attack chain, the threat actors used the Havoc post-exploitation framework to evade security defences such as Windows Defender.
A separate but similar attack occurred in February. The adversaries published an NPM package whose malicious code blended into the targeted bank's website and lay dormant until it received a command to execute.
In this second incident, the malicious code was designed to stealthily intercept login credentials and exfiltrate them to attacker-controlled infrastructure.
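Whatever the injection route, the skimmer in the second incident still had to send the captured credentials somewhere, and that outbound channel is what a Content Security Policy can close. The following is an added example, not code from the report or from the affected bank, that parses a CSP header and checks whether a fetch, beacon or form submission to a given destination would be permitted; it shows a strict first-party allow-list beside a weak `https:` wildcard that still lets the exfiltration through. Hostnames (`examplebank.test`, `attacker.test`) are constructed placeholders.

```javascript
// Added example (not from the report): evaluate a CSP against destinations
// that injected page script might contact. Hostnames are constructed.

// Parse a CSP header into { directiveName: [sourceExpressions...] }.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    policy[name.toLowerCase()] = sources;
  }
  return policy;
}

function effectivePort(u) {
  if (u.port) return u.port;
  return u.protocol === "https:" || u.protocol === "wss:" ? "443"
       : u.protocol === "http:" || u.protocol === "ws:" ? "80" : "";
}

// Does one CSP source expression match the target URL? Supports 'self',
// 'none', '*', scheme-only sources (https:), and host sources with optional
// scheme, leading wildcard label, port and path. Nonce, hash and 'unsafe-*'
// keywords never match a fetch destination.
function sourceMatches(expr, target, pageOrigin) {
  const url = new URL(target);
  const page = new URL(pageOrigin);
  const e = expr.toLowerCase();
  if (e === "'none'") return false;
  if (e === "'self'") return url.origin === page.origin;
  if (e.startsWith("'")) return false;
  if (e === "*") return /^(https?|wss?):$/.test(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(e)) return url.protocol === e;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*|(?:\*\.)?[^\/:*]+)(?::(\d+|\*))?(\/[^\s]*)?$/.exec(e);
  if (!m) return false;
  const [, scheme, host, port, path] = m;
  // Scheme: an explicit scheme must match; otherwise inherit the page's
  // scheme, allowing an http page to reach https.
  if (scheme ? url.protocol !== scheme + ":"
             : url.protocol !== page.protocol && !(page.protocol === "http:" && url.protocol === "https:")) return false;
  // Host: "*" matches anything, "*.example" matches any subdomain, else exact.
  if (host !== "*") {
    if (host.startsWith("*.")) {
      const suffix = host.slice(1);
      if (!url.hostname.endsWith(suffix) || url.hostname.length <= suffix.length) return false;
    } else if (url.hostname !== host) return false;
  }
  if (port && port !== "*" && effectivePort(url) !== port) return false;
  // Path: a trailing slash means prefix match, otherwise exact match.
  if (path && (path.endsWith("/") ? !url.pathname.startsWith(path) : url.pathname !== path)) return false;
  return true;
}

// connect-src governs fetch/XHR/WebSocket/beacon and falls back to default-src.
function fetchAllowed(policy, target, pageOrigin) {
  const sources = policy["connect-src"] ?? policy["default-src"];
  if (sources === undefined) return true; // no directive, no restriction
  return sources.some((s) => sourceMatches(s, target, pageOrigin));
}

// form-action governs form submission targets and does NOT fall back to default-src.
function formActionAllowed(policy, target, pageOrigin) {
  const sources = policy["form-action"];
  if (sources === undefined) return true;
  return sources.some((s) => sourceMatches(s, target, pageOrigin));
}

const PAGE = "https://online.examplebank.test";
const STRICT_CSP = "default-src 'self'; script-src 'self' https://static.examplebank.test; connect-src 'self' https://api.examplebank.test; form-action 'self'";
const WEAK_CSP = "default-src 'self' https:"; // weak: any https host is allowed
const EXFIL = "https://collect.attacker.test/creds";

function demo() {
  const strict = parseCsp(STRICT_CSP);
  const weak = parseCsp(WEAK_CSP);
  return {
    loginApi: fetchAllowed(strict, "https://api.examplebank.test/v1/login", PAGE),
    exfilFetchStrict: fetchAllowed(strict, EXFIL, PAGE),
    exfilFormStrict: formActionAllowed(strict, EXFIL, PAGE),
    exfilFetchWeak: fetchAllowed(weak, EXFIL, PAGE),
    exfilFormWeak: formActionAllowed(weak, EXFIL, PAGE),
  };
}

console.log(demo());
```

The two policies differ only in the `https:` scheme source and the missing `form-action`, yet the weak one permits both a `fetch` and a rewritten form target pointing at the attacker host. A CSP does not stop the malicious script from running if it arrived through a trusted first-party bundle, which is exactly what happened here, so it is a containment control for the exfiltration step rather than a substitute for reviewing what goes into the bundle.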
Researchers noted that organisations primarily scan packages for known vulnerabilities at the build stage of the Software Development Lifecycle (SDLC). Such scans are not sufficient against modern, targeted threats: a freshly published package with a malicious install script carries no known vulnerability identifier, so a vulnerability scanner has nothing to match against.
Cybersecurity experts expect such attacks on the sector to increase steadily. Organisations should therefore adopt threat alerting and intelligence-sharing platforms that allow them to spot risks and carry out threat assessments promptly.