US warns of supply chain cyber-attacks

Getty Images

The US intelligence community has issued a new warning about cyber-espionage risks arising from attacks made through the technology supply chain.

A report said that China, Russia and Iran have been the most capable and active, have been involved in such economic subterfuge.

Software of supply chain infiltration had already threatened critical infrastructure, he warned, and was ready to put in danger other sectors.

He added that the sensitive data of properties of the bodies had been put at risk.

The Foreign economic Espionage Report was published by the National Counterintelligence and Security Center (NCSC).

He said that last year marked a “watershed”, the seven most significant software supply chain management, and made public.

In comparison, only four of these accidents were widely reported between 2014 and 2016, he said.Key ‘threat’

The concern is that attackers are looking for new ways to take advantage of computer networks is the privileged way of access to the suppliers of technology.

“The Software supply chain infiltration is one of the main threats that companies need to pay attention to, in particular, about how software vulnerabilities are exploited,” William Evanina, the NCSC director and the U.S.’s top counter-intelligence official, has told the BBC.

“More and more hardened enterprise perimeter, cyber-actors are destined for the supply chains.

“The impact of confidential data, trade secrets, and national security are profound.”

The report highlights a series of attacks.

They include the spread of a trap version of CCleaner – computer-cleaning program that was revealed last September.

This worked by inserting the malicious code in the software to take advantage of the access which he enjoyed.

Millions of machines were infected, but the report said that hackers had targeted 18 companies for the conduct of espionage, including Samsung, Asus, Intel, VMware, O2, orange and Fujitsu.Lost millions

The attacks may also have disruptive effects, in addition to being used to steal information.

The use of accounting software to target Ukraine in the so-called NotPetya attack is another example in which a software supply chain has been compromised.

The software has been used for the income statement in the Ukraine.


Hackers, presumably from Russia – implanted malicious code that wiped the machine data. Spread far beyond Ukraine through the many companies that have done business in the country, causing hundreds of millions of dollars of damage.

Supply chain attacks have the potential to affect many different machines with a single compromise, and may be more difficult to detect than traditional malware attacks.Backdoor violations

Another marked case involved software from the South Korean company Netsarang, which was damaged with a backdoor. This was in turn used to hit hundreds of companies in the energy, financial services, manufacturing, telecommunications, transportation and pharmaceutical industries.

Squirrels was also discussed. The operation targeted malware administrator account to install a backdoor that provided access to sensitive parts of a network destination.

The report said that while it is not known how many companies have been infected, “at least one of US defence contractor targeted and “compromise”.

Last week, the cyber-security company Crowdstrike also published the results of a survey that he had commissioned. Two-thirds of the organisations who responded said they had experienced a software supply chain attack in the last 12 months.

The average cost of an attack was more than $1.1 m (£838,000).Kaspersky Lab

The US report also raised concerns about the foreign technology companies that have close ties with their national governments. It points to new laws and regulations in Russia and China, which require reviews of the source code.

“The new foreign laws and an increase of the risks posed by foreign technology companies because of their links with host governments, may present the company previously unforeseen threats,” the report said.

Furthermore, last September the Department of Homeland Security, directive tell us federal agencies and departments to remove Kaspersky Lab products because of the company, links to Russia.

Kaspersky Lab Software has a wide and privileged access to the machines to scan for viruses, but the company has always denied any use of this type of access for espionage on behalf of the Russian state.