Supply chain attacks have been on the rise in the last few years, rapidly becoming one of the most dangerous security threats. This article highlights some of the most noteworthy supply chain incidents observed in 2022.
The Okta hack
Okta, a major provider of authentication services, had its network hacked by the infamous Lapsus$ data extortion group, which said at the time that its goal was not to steal data from the vendor but to leverage access to Okta to target its clients. The Lapsus$ group gained access to the company’s network via a third-party subprocessor, Sitel, and was able to view Okta’s customer information and perform administrative actions.
The hack took place from January 16 to 21, 2022, and was publicly disclosed in late March. According to Okta, which has more than 15,000 clients worldwide, the incident impacted approximately 375 customers.
The GitHub OAuth tokens attack
In April, GitHub’s security team revealed a security incident in which attackers stole OAuth user tokens issued to third-party integrators Heroku and Travis-CI and leveraged them to download data from dozens of GitHub’s customers who had been using OAuth applications maintained by the aforementioned vendors, including npm and the repository hosting service itself.
GitHub said these attacks were highly targeted, given that the intruders carefully listed all accessible private repos and only downloaded repositories from specific organizations.
The Magento vendor FishPig hack
Multiple extensions developed by FishPig, a company that provides Magento-WordPress integration software, were infected with malware in a supply chain attack that took place in August.
The attackers compromised the vendor’s infrastructure and injected malicious code that installs the Rekoobe malware into FishPig Magento Security Suite and FishPig WordPress Multisite software to get access to websites using FishPig’s products. The attack appeared to affect paid FishPig extensions; free extensions hosted on GitHub were not impacted. It’s unclear how many Magento e-commerce stores were affected in this attack.
The AccessPress supply chain attack
AccessPress, a popular WordPress plugin and theme developer of add-ons used in over 360,000 active websites, was compromised in a massive supply chain attack, with the company’s software replaced by backdoored versions. The backdoor gave the threat actors full access to websites that used malicious plugins.
In total, the threat actors behind the attack compromised 40 themes and 53 plugins available on the AccessPress Themes website.
Commercial chat provider Comm100 compromised in SolarWinds-like supply chain attack
Canada-based commercial chat provider Comm100, which claims to have 15,000 customers in 51 countries, experienced a cyber-attack, where a China-linked threat actor compromised the vendor’s infrastructure and hijacked the installer for Comm100’s Live Chat software. The attackers modified the installer to backdoor victims’ machines, which would allow them to deploy additional malware.
While the compromise was short-lived, the attack affected companies in the industrial, healthcare, technology, manufacturing, insurance and telecommunications sectors in North America and Europe. How many victims were impacted in the attack remains unknown.
Original story:
https://www.immuniweb.com/blog/5-biggest-supply-chain-attacks-in-2022-so-far.html