Open source supply chain attacks specifically target banking
Researchers at Checkmarx have detected several open-source software supply chain attacks that specifically target the banking sector.
These attacks use advanced techniques, including targeting specific components in the victim bank's web assets and attaching malicious functionality to them. The attackers employed deceptive tactics such as creating fake LinkedIn profiles to appear credible, and set up customized command and control infrastructure for each target, abusing legitimate services to carry out their activity.
Attackers also employed the Havoc Framework in order to evade strong security measures. Havoc is an advanced post-exploitation command and control framework that serves as a powerful tool for managing, coordinating and adapting attacks to changing situations and security controls.
The report points to the need for a change in how supply chain security is perceived. Historically, vulnerability scanning has taken place at the build level, but this is not effective once a compromised open source package is already in the pipeline. Organizations need to adopt a proactive, integrated security architecture, incorporating protective measures at every stage of the software development lifecycle.
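As an added illustration of what a check earlier in the pipeline can look like (this is example code written for this summary, not code from Checkmarx's report or from any bank), the script below audits a dependency lockfile before anything is installed: it flags packages that are not in a reviewed baseline, packages whose version or integrity hash drifted from that baseline, packages resolved from an unexpected host, and packages that would run an install-time script. The lockfile, the approved baseline, the package names, hosts and hashes are all constructed for the example; the field layout is assumed to follow npm's `package-lock.json` v3 format, where `hasInstallScript` is the flag npm records for packages with install hooks.

```python
import json
from urllib.parse import urlparse

# Constructed lockfile in the npm package-lock v3 layout, standing in for a
# bank's web-asset build. Every name, version, host and hash below is made up.
LOCKFILE_JSON = r'''
{
  "name": "example-bank-web",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "example-bank-web", "version": "1.0.0"},
    "node_modules/left-align": {
      "version": "2.1.0",
      "resolved": "https://registry.npmjs.org/left-align/-/left-align-2.1.0.tgz",
      "integrity": "sha512-AAAAexampleAAAA"
    },
    "node_modules/ui-widgets-helper": {
      "version": "0.0.1",
      "resolved": "https://example-cdn.invalid/ui-widgets-helper-0.0.1.tgz",
      "hasInstallScript": true
    }
  }
}
'''

# Constructed baseline: the packages the team has reviewed and approved,
# keyed by package name with the expected version and integrity hash.
APPROVED = {
    "left-align": {"version": "2.1.0", "integrity": "sha512-AAAAexampleAAAA"},
}

# Hosts the pipeline is allowed to fetch tarballs from (constructed policy).
TRUSTED_HOSTS = {"registry.npmjs.org"}


def package_name(lock_path):
    """Map a lockfile path such as 'node_modules/a/node_modules/@s/b' to '@s/b'."""
    return lock_path.split("node_modules/")[-1]


def audit_lockfile(lock_text, approved, trusted_hosts):
    """Return (package, finding) tuples for anything that should block the build."""
    lock = json.loads(lock_text)
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if path == "":
            continue  # the root project entry, not a dependency
        name = package_name(path)
        baseline = approved.get(name)
        if baseline is None:
            findings.append((name, "not in approved baseline"))
        else:
            if meta.get("version") != baseline["version"]:
                findings.append((name, f"version drift: {meta.get('version')} != {baseline['version']}"))
            if meta.get("integrity") != baseline["integrity"]:
                findings.append((name, "integrity hash differs from baseline"))
        if not meta.get("integrity"):
            findings.append((name, "no integrity hash pinned"))
        host = urlparse(meta.get("resolved", "")).hostname or ""
        if host not in trusted_hosts:
            findings.append((name, f"resolved from untrusted host: {host or 'none'}"))
        if meta.get("hasInstallScript"):
            findings.append((name, "runs an install-time script"))
    return findings


def gate(lock_text, approved=APPROVED, trusted_hosts=TRUSTED_HOSTS):
    """Pipeline entry point: True when the lockfile is clean, False otherwise."""
    findings = audit_lockfile(lock_text, approved, trusted_hosts)
    for name, finding in findings:
        print(f"BLOCK {name}: {finding}")
    return not findings


if __name__ == "__main__":
    raise SystemExit(0 if gate(LOCKFILE_JSON) else 1)
```

Run as a step before `npm ci` (or the equivalent for another ecosystem), the gate fails the job on any finding; the baseline file is the artifact a reviewer updates deliberately when a dependency is added or bumped, which is what turns "a package appeared in the lockfile" into a reviewable event rather than something discovered after the build.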
On the Checkmarx blog the report's authors conclude, "We anticipate a steady escalation in targeted attacks, including on banks. Our primary intention with this blog is to shine a light on the Tactics, Techniques, and Procedures (TTP) we've observed and foster collective understanding and awareness of these emerging threats. The need of the hour is to stay vigilant, continuously evolve our defenses, and stay a step ahead of the threat actors."