Developers
August 5, 2020

Kaspersky Aims to Protect Against Supply-Chain Attacks With Kaspersky Hybrid Cloud Security

Kaspersky Hybrid Cloud Security helps protect software development tools from supply-chain attacks.

Recent years have seen a significant rise in computer security threats. Gone are the days when a simple virus or trojan was the biggest threat. Nowadays, while the old standbys still exist, they are joined by other forms of malware, ransomware, denial-of-service (DDoS) attacks and much more.

In the grand scheme of things, however, supply chain attacks are the holy grail of hacks, as there is almost no limit to what a hacker can do, or the information that can be collected.

What Is a Supply-Chain Attack

A supply-chain attack is one where the hackers gain access to a company’s development pipeline and inject a virus, trojan, backdoor or other type of malware into the company’s legitimate software.

There are a number of ways this kind of attack can occur. One popular method is to gain access to a company’s repository where their source code is stored and insert the malware directly into the code.

Another method is to gain access to a third-party tool or service and use it as an attack vector. For example, in 2017, Microsoft detected an attack in which hackers had gained access to a third-party update tool used by software in the finance and payment industries.

“During forensic analysis, an incident responder has to consider every possible explanation about how an attack took place,” wrote the Microsoft Defender ATP Research Team at the time. “After ruling out a series of options—a local man-in-the-middle (MITM) attack, malware injection, or malware-bundled installers—forensic examination of the Temp folder on the affected machine pointed us to a legitimate third-party updater running as a service. The updater downloaded an unsigned, low-prevalence executable right before malicious activity was observed.

“The downloaded executable turned out to be a malicious binary that launched PowerShell scripts bundled with the Meterpreter reverse shell, which granted the remote attacker silent control. The binary is detected by Microsoft as Rivit.

“Although it did not utilize a zero-day exploit, this cyber attack effectively compromised an asset. It took advantage of the common trust relationship with software supply chains and the fact that the attacker has already gained control of the remote update channel. This generic technique of targeting self-updating software and their infrastructure has played a part in a series of high-profile attacks, such as unrelated incidents targeting Altair Technologies’ EvLog update process, the auto-update mechanism for South Korean software SimDisk, and the update server used by ESTsoft’s ALZip compression application.”
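The Microsoft quote turns on one detail: the updater ran a downloaded executable that was unsigned. The following is an added example (not Kaspersky's or Microsoft's code) of the check a self-updater should perform before executing anything it fetches: verify a detached signature over the payload against a publisher key pinned inside the client, so that control of the update channel alone is not enough. The key pair and payload bytes are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// ErrUnsigned is returned for any update that lacks a valid publisher signature.
var ErrUnsigned = errors.New("update rejected: missing or invalid signature")

// Update is what a self-updater fetches from its update channel.
type Update struct {
	Payload   []byte // the executable (here: constructed sample bytes)
	Signature []byte // detached Ed25519 signature over SHA-256(Payload); nil if unsigned
}

// VerifyUpdate returns the hex digest of the payload only when the signature
// verifies under the key pinned in the client. An attacker who controls the
// update server can swap the payload or strip the signature, but cannot forge
// a signature without the publisher's private key, so both cases are rejected.
func VerifyUpdate(pinnedPub ed25519.PublicKey, u Update) (string, error) {
	if len(u.Signature) != ed25519.SignatureSize {
		return "", ErrUnsigned // unsigned or malformed: never execute
	}
	digest := sha256.Sum256(u.Payload)
	if !ed25519.Verify(pinnedPub, digest[:], u.Signature) {
		return "", ErrUnsigned // tampered payload or wrong signer
	}
	return hex.EncodeToString(digest[:]), nil
}

// SignUpdate is the publisher side; it runs in the build pipeline, never on the client.
func SignUpdate(priv ed25519.PrivateKey, payload []byte) Update {
	digest := sha256.Sum256(payload)
	return Update{Payload: payload, Signature: ed25519.Sign(priv, digest[:])}
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	good := SignUpdate(priv, []byte("constructed sample: legitimate build v2"))
	swapped := Update{Payload: []byte("constructed sample: binary from hijacked channel"), Signature: good.Signature}
	unsigned := Update{Payload: good.Payload}
	for _, u := range []Update{good, swapped, unsigned} {
		_, err := VerifyUpdate(pub, u)
		fmt.Println("accepted:", err == nil)
	}
}
```

Only the first update is accepted; the swapped payload and the unsigned copy both fail before anything is executed.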

The potential damage is almost limitless. Imagine what can happen if hackers are able to compromise code for banking apps, password managers, email accounts, encryption software and other critical applications. Personal communication can be exposed, bank accounts accessed, passwords stolen or encryption keys undermined—all because the software was compromised at the source.

As a result, protecting against supply-chain attacks is of paramount importance, especially in the age of cloud computing.

Kaspersky Hybrid Cloud Security and Supply-Chain Protection

The latest version of Kaspersky Hybrid Cloud Security is designed to provide protection against supply-chain attacks.

One of the primary goals of the new release is to provide the necessary degree of protection without negatively impacting development time or time-to-market. To accomplish this, Kaspersky focused on reconciling the two worlds of IT security and DevOps, with a focus on integrating security in the development process from the ground up.

As a result, this new version provides granular AV scanning of every single layer of software containers, such as Docker images. This helps identify threats or unauthorized code changes, regardless of how low-level the layer they sit in may be. Scanning can also be set to occur when objects are accessed.

In addition, Kaspersky Hybrid Cloud Security now supports Google Cloud, in addition to Microsoft Azure and AWS.

“Continuous software development is a unique environment that needs a specific cybersecurity approach. To stay nimble, DevOps may go as far as bypassing formal IT approval processes, making it a challenge to build cybersecurity into the development journey,” said Andrey Pozhogin, senior product marketing manager at Kaspersky. “However, it is important to leverage containers and open source code securely to reduce the risk of unknowingly embedding malicious code into software, as was found in the RubyGems attack and other cases. Kaspersky Hybrid Cloud Security helps businesses find a way out of this challenge through a win-win scenario where IT security and DevOps cooperate. The solution provides understandable tools for DevOps that don’t affect their processes; and it helps IT security teams to put in place a proven protection layer for the part of the infrastructure that may not yet be covered.”

Kaspersky’s announcement is good news for software developers and security professionals, and should go a long way toward helping to secure software against supply-chain attacks.

Tags: Supply-Chain Attack, Cyber Attack, Cloud Security
Matt Milano
Technical Writer
Matt is a tech journalist and writer with a background in web and software development.
