Supply chain Attack
By - Vikram Vashisth
Topics
To be discussed
● About
● Detecting threat
● Remediation
● Conclusions
Supply chain attack:
Supply chain attacks are an emerging kind of threat
that targets software developers and suppliers. The goal
is to access source code, build processes, or update
mechanisms by infecting legitimate apps to distribute
malware.
News bytes
Use case 1:
• Delivery of modules containing malware, which activates on the client server
Source:
1) Using malicious third-party modules/libraries without verifying the code
2) Compromise of a developer's Git account leads to malware injection in the
repository, which is delivered as a product to the client's website and impacts
end users.
Use case 2:
• Delivery of vulnerable modules, exploited on the client server
Source: Not following secure development practices
In this case the vulnerability arises from not following security best
practices in software development. It can be exploited on websites using the
vulnerable modules and directly impacts the end users of those websites.
Impact:
Stage 1: E-commerce website customer
Purchasing items from a compromised website leads to financial and
personal data theft.
Stage 2: E-commerce website owner
The owner of a compromised website can face multiple legal cases after a
data breach because of compliance requirements such as GDPR, PCI DSS etc.
Stage 3: Software vendor
Delivery of vulnerable software can raise trust issues for the software
vendor.
How to detect
malware?
• YARA
• LMD (Linux Malware
Detect)
• Snyk
Malware scanning stages:
Stage 1: Scanning modules before delivering them to the client
Stage 2: Scanning the client server before making any customization
Stage 3: Frequently scanning developers' systems that connect to the client server
Reference:
YARA : https://github.com/VirusTotal/yara
LMD : https://github.com/rfxn/linux-malware-detect
Snyk : https://snyk.io/docs/using-snyk/
Thanks!
