The Major Cyber Espionage vs Supply Chains Apps is Coming

The United States, through its intelligence agencies, has uncovered a major cyber espionage vulnerability against software-based supply chain software. A supply chain attack refers to a cyber attack of unauthorized penetration of the supply chain network in order to farm information usable by 3rd parties. The announcement highlighted the cyber capabilities of Iran, China, and Russia to launch a nation-state supported cyber espionage activity targeting various supply chain-using firms, mostly those operating in the US.

As per statistics, last year, 2017 was an unprecedented period of supply chain attacks, seven cases overall. This huge increase in incidents is clearly visible given that from the year 2014 and 2016, only four incidents have been recorded. William Evanina, US NCSC director confirmed: “Software supply chain infiltration is one of the key threats that corporations need to pay attention to, particularly how software vulnerabilities are exploited. To get around increasingly hardened corporate perimeters, cyber-actors are targeting supply chains. The impacts to proprietary data, trade secrets, and national security are profound.”

A popular method of penetration technique is to hijack a legitimate program, creating a program that still works as advertised but loaded with a malicious payload. The CCleaner program hijacking incident of September 2017 is a glaring example, as many enterprise system administrators use it for cleaning-up junk files in Windows. Those individuals and organizations who downloaded the trojanized CCleaner app became a victim of cyber espionage. Huge global corporations such as Intel, Fujitsu, VMware, Asus, Samsung, and OS were affected.

Tax software can also be compromised to gather information about the target company, and sending those confidential data to the virus authors. A similar incident happened in Ukraine, where a tax management software was trojanized, enabling the perpetrator to farm information, the incident is named NotPetya attack.

The goal of the unlawful penetration is to capture valuable data, the malware will try everything to evade detection. However, some of the malware authors choose to include a damaging payload of reformatting the machine if an antivirus program detected the malware. An antivirus program is only effective if it can stop the malicious process from executing, however, the cybercriminals are anticipating the actions of the antivirus software during its initial infection. This proactive approach enables malware to disable the real-time protection of the virus, from that point the user believes the antivirus software is still protecting the machine, although it no longer is.

The United States government under President Donald Trump wants to keep foreign software from rogue states from being used with local enterprises. He considers Russian-made programs such as Kaspersky as a threat to the US cyberinfrastructure. The US government’s position has been finalized when last December, President Trump signed a law that bans Kaspersky antivirus product from any US Government agencies.

“The case against Kaspersky is well-documented and deeply concerning. This law is long overdue,” said Senator Jeanne Shaheen, a Democrat Senator, emphasizing the risk of using Russian software to America’s national security. As a reply, Kaspersky Labs filed a case against the US administration in the US Federal court, citing the lack of due process. “(The) Department of Homeland Security has harmed Kaspersky Lab’s reputation and its commercial operations without any evidence of wrongdoing by the company,” explained Eugene Kaspersky, the firm’s founder.