Date: 2020-11-17

Expert Comments

Experts Reacted On Lazarus Malware Strikes South Korean Supply Chains


It has been reported that Lazarus malware has been tracked in new campaigns against South Korean supply chains, made possible through stolen security certificates. 

Today, cybersecurity researchers from ESET revealed the abuse of the certificates, stolen from two separate, legitimate South Korean companies. In this supply chain attack, the threat actors are using an “unusual supply chain mechanism,” ESET says, in which Lazarus is abusing a standard requirement for South Korean internet users — the need to install additional security software when they visit government or financial services websites. 

Experts Comments

Javvad Malik
November 17, 2020
Security Awareness Advocate
KnowBe4
Government departments in particular need to keep a close eye on mandatory software or portals.
This attack by Lazarus group is yet another example of how cyber criminals will try to compromise the supply chain at any weak spot to gain access. It's therefore essential that all organisations have effective and robust security controls in place to maintain the integrity of its supply chain and the security of transactions which take place across it. We saw Petya ransomware spread through most of Ukraine due to a compromised tax filing software. Government departments in particular need to keep a close eye on mandatory software or portals which, if compromised, can quickly have large impacts.
Stuart Sharp
November 17, 2020
VP of Solution Engineering
OneLogin
Maintaining good cybersecurity requires keeping an eye on the basics.
What has transpired here highlights how cybersecurity does not operate within a vacuum. Maintaining good cybersecurity requires keeping an eye on the basics, and ensuring that the organisations you partner with in the supply chain do as well - as the saying goes, your security is only as strong as your weakest link. In this instance, the South Korean government should ensure that the software manager verifies the owner of the certificate, and that all organisations within their supply chain are adhering to a standard set of cyber hygiene rules as well as performing regular security audits. This is particularly true if they are requiring users to download software to access certain services.
Boris Cipot
November 17, 2020
Senior Sales Engineer
Synopsys
All that hackers had to do was find the websites that were easiest to breach.
For many services in South Korea, visitors must first download special security software in order to verify their identity, security status and enable secure downloads prior to gaining access. While the Wizvera software does exhibit security maturity and offers a safeguard to cyber threats, it only does what the configuration file instructs. In other words, the file informs Wizvera on which software it should install. All that hackers had to do was find the websites that were easiest to breach. Once breached, the attacker could then replace legitimate binaries with malicious ones. This enables Wizvera to install malicious software on visitors' devices. This is yet another case of cybercriminals finding loopholes in security procedures. Based on feedback from ESET researchers, the easiest prevention of such an attack would be to provide hashes on the binaries in the configuration files. That way, the binary cannot be installed if the hashes do not match. Unfortunately, skipping this extra security step has allowed attackers to abuse the otherwise robust system. We see this often, where misconfiguration can lead to significant consequences. While typically we hear about instances of misconfigured S3 buckets, in this case, it was a misconfigured instruction file.
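
The hash check mentioned in the last comment above, sketched as an added example; it is not part of the expert commentary and is not Wizvera's code. The configuration format, package names and URLs are hypothetical, the payloads are constructed samples, and the sketch assumes the configuration file itself is integrity-protected so that a breached download site cannot edit the pinned hash.

```python
import hashlib
import hmac
import json
import re

# Constructed sample payloads: the vendor's build and a file swapped in on a breached site.
LEGIT = b"constructed sample: legitimate plugin build"
SWAPPED = b"constructed sample: replacement binary"

# Hypothetical instruction file (format assumed for this example only).
CONFIG = json.dumps({"packages": [
    {"name": "plugin-a", "url": "https://site.example/plugin-a.exe",
     "sha256": hashlib.sha256(LEGIT).hexdigest()},
    {"name": "plugin-b", "url": "https://site.example/plugin-b.exe"},  # no hash pinned
]})

HEX64 = re.compile(r"[0-9a-f]{64}")

class InstallRefused(Exception):
    """Raised when a download must not be handed to the installer."""

def pinned_hash(config_text, name):
    """Return the pinned SHA-256 for a package; fail closed if absent or malformed."""
    for entry in json.loads(config_text)["packages"]:
        if entry.get("name") == name:
            pin = str(entry.get("sha256", "")).lower()
            if not HEX64.fullmatch(pin):
                raise InstallRefused(f"{name}: no valid sha256 pin in config")
            return pin
    raise InstallRefused(f"{name}: not listed in config")

def check_download(config_text, name, data):
    """Compare the downloaded bytes with the pin before anything is executed."""
    pin = pinned_hash(config_text, name)
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, pin):
        raise InstallRefused(f"{name}: hash mismatch, got {actual[:12]}...")
    return actual

def decision(config_text, name, data):
    """Return 'install' or 'refuse: <reason>' so the outcome can be logged."""
    try:
        check_download(config_text, name, data)
        return "install"
    except InstallRefused as exc:
        return f"refuse: {exc}"
```

An entry without a pin is refused rather than installed, so an incomplete configuration fails closed instead of falling back to whatever the download site serves.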
