Wednesday, January 6, 2021

V. Putin, supply chain hacker extraordinaire


There’s been a lot of news today (in case you hadn’t noticed), but an hour ago I read an article in the Times that, when you think about it, could potentially mean even worse news than the SolarWinds attacks. Once again, Mr. Putin has found a way to take supply chain cyberattacks to a whole new level.

Do you remember how, when the SolarWinds attacks were announced, I and others were marveling that they were so efficient? All Russia had to do was penetrate SolarWinds’ software development environment and plant malware in a patch. The patch was downloaded and applied by 18,000 organizations, although the Russians – for all their efficiency – have “only” been able to actively attack 250 of those. Just so many hours in a day, even in St. Petersburg!

However, there’s another layer they could reach: the makers of software development tools themselves. If they penetrated such a vendor and planted malware in one of its tools, they could then attack every organization that uses that tool to build software (SolarWinds among them). Once inside those organizations, they could plant malware in the software each one produces, and since each of those organizations in turn has many customers, they would be in a position to penetrate all of those customers as well. Note that a compromised build tool can alter what gets compiled or packaged without ever touching the source repository, which is why this kind of compromise is so hard to catch through code review alone. The number of compromised organizations that could result would make SolarWinds’ 18,000 look like pocket change.

You can read the article, but here are a few highlights:

1. The company in question is JetBrains, and the tool is TeamCity. It’s used by 300,000 businesses and 79 of the Fortune 100.

2. One of their customers is SolarWinds. So it’s possible that this is how SolarWinds got compromised in the first place (although that’s still very much an open question).

3. Another customer is Siemens.

4. The company is headquartered in the Czech Republic but has research labs in Russia.

5. The article says “Officials are investigating whether the company…was breached and used as a pathway for hackers to insert back doors into the software of an untold number of technology companies. Security experts warn that the monthslong intrusion could be the biggest breach of United States networks in history.”

So it seems that the SolarWinds attack was the biggest supply chain attack for less than a month. Pretty tough competition! Who’s next? One thing is sure: Whoever the victim is, the winner will be Russia. They’re the champs!

Does anyone still doubt that supply chain attacks, and especially software attacks, are the biggest cybersecurity danger today?

Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC. If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com.

