We like to think that APTs and threat groups are distinct. But the lines are getting blurrier, and in some places have been for a while. Why not share the tools, toys and tactics when it just makes for better mayhem at less cost? Great findings and lessons shared by both teams at Google and Microsoft. Microsoft provides details on the use of “Comebac” malware and Visual Studio. Key takeaways: security researchers are prime targets, state-sponsored attacks invest the time and effort on selected targets to bypass all defences – even gut instinct.
In light of the above item, and ongoing SolarWinds discoveries – because we knew that was going to go much deeper than what was already apparent – supply chain attacks continue to evolve and evade. Given our rush to the cloud, and the pandemic-driven need for everything online, organizations are relying ever more on third parties and online resources. Supply chain weaknesses are now even bigger opportunities for attacks.
Look no further than the carefully crafted code injection by Magecart groups to position web skimmers where they went undetected and led to massive breaches and paydays. Imitation is the sincerest form of flattery and North Korean APTs have followed suit.
There are some solid suggestions in this piece on securing third-party code, and care with automated software updates. Understand your attack surface in terms of your potential supply chain weaknesses and third party code exposures.