2016 was one of the worst years in the history of the Internet, with a string of data breach notifications affecting an enormous number of Internet users.
But among all those breaches, one major incident went largely unnoticed. Yesterday security journalist Brian Krebs published a blog post shedding light on a topic that was discussed at the RSA security conference, held in San Francisco last week.
The report presented at RSA described a malware operation that the company dubbed "Kingslayer." According to RSA, the attackers compromised the website of a company that sells software to help Windows system administrators parse and understand Windows event logs.
The attackers held the server for about two weeks, but they used that window well. They compromised the download page for the software package and also the company's software update server, meaning that any organization that already had the software installed before the site compromise would likely have automatically downloaded the trojanized version when the software regularly checked for available updates.
RSA calls these types of intrusions "supply chain attacks," in that they provide one compromise vector to multiple targets. It is not difficult to see, from the customer base of a tool aimed at corporate system administrators, why an attacker might salivate over the idea of hacking a software package of this kind.
“Supply chain exploitation attacks, by their very nature, are stealthy and have the potential to provide the attacker access to their targets for a much longer period than malware delivered by other common means, by evading traditional network analysis and detection tools,” wrote RSA’s Kent Backman and Kevin Stear. “Software supply chain attacks offer considerable ‘bang for the buck’ against otherwise hardened targets. In the case of Kingslayer, this especially rings true because the specific system-administrator-related systems most likely to be infected offer the ideal beachhead and operational staging environment for system exploitation of a large enterprise.”
A copy of the RSA report is available here (PDF).
The vendor's name was not disclosed at the conference, but from clues in the report Krebs identified the affected vendor as Altair Technologies Ltd, which sells a simple application called EvLog that helps administrators parse Windows event logs.
Why is this one of the biggest security breaches?
This counts as a major breach because, according to RSA, the victims running the EvLog software included five major defense contractors, four major telecommunications providers, more than ten western military organizations, more than two dozen Fortune 500 companies, 24 banks and financial institutions, and at least 45 higher education institutions.
When contacted about the research by Backman, Stear and Krebs, Altair Technologies Ltd responded that the company is not well known enough to attract media headlines. They said:
"We also don't expect that a large organization would use EvLog to monitor their servers – it is a very simple tool. We identified the problem within a couple of weeks and imposed several layers of extra security in order to prevent this type of problem." They added: "We don't keep track of who downloads and tries this software, therefore there is no master list of users to notify. Any anonymous user can download it and install it."
We would like to thank Brian Krebs for his efforts in bringing this to light, and also Kent Backman and Kevin Stear for their research. Without them we would not even know about this breach.
Cyber Kendra thanks everyone involved in this research for their work and their contribution to the security community.
Source: KrebsOnSecurity