Supply-chain attacks use legitimate processes to gain uninhibited access to a business's ecosystem. An attack starts by infiltrating a vendor's security defences. After injection into the vendor's ecosystem, the malicious code is hidden under the legitimate, digitally signed process of its host.

Once that is done, the attacker gains access to the vendor's customer networks, and because the malware is hidden under the vendor's signature, the victim's cybersecurity systems recognize it as authentic to the manufacturer and grant permission for code execution.

Although this attack vector is known, there are usually several reasons, or a combination of them, why it continues to work:

- Cybersecurity focus is switched to building zero-day protection as the potential breach vector.
- Existing suppliers are considered "trusted-by-default".
- Cybersecurity assessment procedures are either not implemented or are done on a non-regular basis.

As a result, we see an increasing number of cases, like the recent discovery made by ALSO Group's long-term security partner ESET (see article in 1st comment), where it has become easier for an attacker to compromise a supplier's software code, which leads to malware infiltrating company assets much faster than a direct attack would.

The adoption of this cyber attack method is growing at an alarming rate. According to a study by Symantec last year, supply chain attacks increased by 78% in 2019. This prevalence is expected to increase further as threat actors, motivated by the success of the US government breach, switch their preference to this attack method.

3 key steps to protect your company from supply-chain attacks:

The key to supply-chain attack mitigation is to ensure that all of your third-party vendors are compliant with cybersecurity standards. To reduce the probability of supply-chain attacks, you should start with 3 basic steps:

- Create and maintain your company's internal cybersecurity assessment procedure. Do it regularly, and not less than once per year.
- Involve the cybersecurity team when choosing a supplier or implementing new updates.
- Enrich your existing cybersecurity tools with an automated, machine-learning solution, which will dramatically decrease reaction time and let you mitigate risks faster than they can affect your assets.

I would recommend that you check out one of the most advanced offerings, provided by our partner CYE. Ask for a demo at your local ALSO office or by sending me a DM.

When unsuspecting NoxPlayer users downloaded an update, they were unknowingly downloading multiple malware strains with surveillance-related capabilities. The first has not been documented before, while the second was a variant of the Ghost remote access trojan (RAT). NightScout also delivered a second-stage payload, the PoisonIvy RAT, but from their own infrastructure rather than using compromised NoxPlayer updates.

Interestingly, it appears that NightScout infected only five NoxPlayer users, based in Taiwan, Hong Kong, and Sri Lanka, with a malicious update.

Although targeted cyberattacks are not unusual, they are more commonly used to target government officials or high-profile businessmen.