Friday, July 23, 2021

Supply chain attacks are on the rise: NCSC warns


Addressing big business and government agencies, the UK’s National Cyber Security Centre (NCSC) has issued a warning that attacks on software pipelines “could have a significant impact.”

The compromise of SolarWinds’s updates, which the US says was “likely” carried out by Russian hackers as part of a broader campaign, has put the software supply chain and software development processes in the spotlight. It wasn’t the first software supply chain attack, but Microsoft has called it the “biggest attack ever to happen in the world.”

The NCSC does not name SolarWinds, but it notes that the software development process itself is often “overlooked,” even though the security of the software being developed receives broad attention.

It states that automated software development with continuous integration and continuous delivery (CI/CD), a popular approach in which regular updates pass through built-in security tests, can be a good way to protect the software pipeline.

“It is important that the pipeline is well protected, and that it protects the construction of each of the existing structures,” the NCSC said.

The key message here is to keep the different builds adequately separated from each other, so that if one part of the system is compromised, the other builds remain protected.

Organizations that take advantage of automated software development also need to ensure that their processes can enforce mandatory security testing, and that such testing does not become prohibitively expensive.

Attackers who compromise the software development pipeline may: add malicious code to software built and shipped by that pipeline, access any secrets the pipeline uses, and gain access to other source code repositories and systems.

“The pipeline needs to be protected from the most effective invasion of the environment,” notes the NCSC.

Its recommendations are broadly consistent with those of Microsoft, Google, and the NSA. These include using multi-factor authentication, designing system access around least privilege, and using network security controls and monitoring to detect attacks.

But the NCSC also has advice on how organizations should choose the build infrastructure used for development work.

“Performing each build on a single-use machine will make it very difficult to build one and attack another using shared hardware (such as CPU), and the two that make up the OS kernel sharing will have many distractions,” the NCSC notes.

“If a builder can access information stored in another building (such as their source code or create art objects), then it can steal secrets or alter what builds.”

On verifying the integrity of the development process, the NCSC advises companies to ensure that downloads from the code repository are cryptographically protected, and likewise when artefacts are sent to the archive from which they are later distributed.

Defending against supply chain attacks involves more than trying to stop the theft of encryption keys used to access protected cloud resources.

Finally, organizations should use cryptographic checksums to record the data processed by the pipeline, so that tampering between stages can be detected.
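As an added illustration of the two integrity points above (checksumming pipeline data, and verifying artefacts when they are pulled from the repository or archive), here is a small Python example. It is not code from the NCSC guidance or from the article: it records a SHA-256 manifest of a build output directory at the end of the build stage and re-verifies that manifest before the artefacts are distributed, reporting modified, missing, and unexpected files. The artefact contents and directory layout are constructed for the demonstration.

```python
"""Added example (not part of the NCSC guidance or the article): record a
SHA-256 manifest of build artefacts and verify it later to detect tampering
between pipeline stages (e.g. between the build host and the archive)."""
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large artefacts are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    manifest: Dict[str, str] = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def verify_manifest(root: Path, manifest: Dict[str, str]) -> List[str]:
    """Compare the directory against a recorded manifest.

    Returns a list of findings; an empty list means every recorded file is
    present with the recorded digest and nothing extra has appeared.
    """
    problems: List[str] = []
    current = build_manifest(root)
    for rel, digest in manifest.items():
        if rel not in current:
            problems.append(f"missing: {rel}")
        elif current[rel] != digest:
            problems.append(f"modified: {rel}")
    for rel in current:
        if rel not in manifest:
            problems.append(f"unexpected: {rel}")
    return problems


def demo() -> Tuple[List[str], List[str]]:
    """Constructed scenario: build, record manifest, verify, tamper, re-verify."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        # Constructed "build output" (stand-ins for real artefacts).
        (root / "app.bin").write_bytes(b"\x7fELF constructed artefact")
        (root / "lib").mkdir()
        (root / "lib" / "helper.so").write_bytes(b"constructed library")

        # End of build stage: record the manifest. In a real pipeline this JSON
        # would be stored (and ideally signed) outside the build agent's reach.
        manifest_json = json.dumps(build_manifest(root), indent=2, sort_keys=True)

        # Pre-distribution check on the untouched output: should be clean.
        clean = verify_manifest(root, json.loads(manifest_json))

        # Simulate tampering in storage: one artefact altered, one file dropped in.
        (root / "app.bin").write_bytes(b"\x7fELF constructed artefact + injected code")
        (root / "lib" / "extra.so").write_bytes(b"constructed dropped-in file")
        tampered = verify_manifest(root, json.loads(manifest_json))

    return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("before tampering:", before)
    print("after tampering:", after)
```

The manifest only has value if an attacker who can alter the artefacts cannot also rewrite it, so store it on a system the build agents cannot write to, or sign it with a key held outside the pipeline, and have the distribution step refuse to publish when `verify_manifest` returns any finding.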

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.


