Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label software vulnerabilities. Show all posts
software vulnerabilities
ATM Cyber Security Cybersecurity measures cybersecurity vulnerability Encryption Software Updates software vulnerabilities

The Expanding PKfail Vulnerability in Secure Boot and Its Alarming Impact

 

The PKfail vulnerability in Secure Boot has grown into a far-reaching security threat, affecting thousands of devices across multiple sectors. Originally believed to be a limited issue, it arises from manufacturers releasing hardware with known compromised software, allowing unauthorized software to bypass Secure Boot encryption. Even after the initial leak of the Secure Boot encryption code in 2022, manufacturers continued to distribute devices with compromised security, and some even included warnings like “DO NOT TRUST” in the firmware. 

The original discovery indicated that devices from top manufacturers such as Dell, Acer, and Intel were compromised. However, recent investigations have expanded the list to include other major brands like Fujitsu, Supermicro, and niche producers like Beelink and Minisforum. Alarmingly, the list of impacted devices has grown to nearly four times its original size, now encompassing around a thousand models of laptops, desktops, and other x86-based hardware. What’s more concerning is that the PKfail vulnerability isn’t limited to standard consumer devices. It extends to enterprise servers, point-of-sale systems, gaming consoles, ATMs, and even medical and voting machines. 

These revelations indicate that the Secure Boot vulnerability has a much wider reach, exposing critical infrastructure to potential attacks. According to Binarly’s detection tool, this breach affects numerous industries, making it a significant cybersecurity risk. The challenge of exploiting Secure Boot remotely is substantial, often requiring advanced skills and resources, making it a tool primarily used by hackers targeting high-profile individuals or organizations. It’s particularly relevant for high-net-worth individuals, government agencies, and large corporations that are more likely to be the targets of such sophisticated attacks. 

State-sponsored hackers, in particular, could leverage this vulnerability to gain unauthorized access to confidential data or to disrupt critical operations. Addressing the PKfail vulnerability requires immediate action, both from manufacturers and end-users. Device manufacturers must issue firmware updates and improve their security practices to ensure their hardware is protected against such threats. Meanwhile, organizations and individual users should regularly check for software updates, apply patches, and implement stringent cybersecurity measures to minimize the risk of exploitation. 

The PKfail incident underscores the critical importance of cybersecurity vigilance and reinforces the need for robust protection measures. As cyber threats continue to evolve, organizations and individuals alike must stay informed and prepared to defend against vulnerabilities like PKfail.
Read more »
supply chain attacks
cyber resilience Cyber Security Cybersecurity Threats Cyble research dark web breaches IT Security software vulnerabilities supply chain attacks

Cyble Research Reveals Near-Daily Surge in Supply Chain Attacks

 

The prevalence of software supply chain attacks is on the rise, posing significant threats due to the extensive impact and severity of such incidents, according to threat intelligence researchers at Cyble.

Within a six-month span from February to mid-August, Cyble identified 90 claims of supply chain breaches made by cybercriminals on the dark web. This averages nearly one breach every other day. Supply chain attacks are notably more costly and damaging than other types of cyber breaches, making even a small number of these attacks particularly detrimental.

Cyble’s blog highlights that while infiltrations of an IT supplier’s codebase—similar to the SolarWinds incident in 2020 and Kaseya in 2021—are relatively uncommon, the software supply chain’s various components, including code, dependencies, and applications, remain a continuous source of vulnerabilities. These persistent risks leave all organizations exposed to potential cyberattacks.

Even when supply chain breaches do not compromise codebases, they can still result in the exposure of sensitive data, which attackers can exploit to breach other environments through methods such as phishing, spoofing, and credential theft. The interconnected nature of the physical and digital supply chain means that any manufacturer or supplier involved in downstream distribution could be considered a potential cyber risk, according to the researchers.

In their 2024 analysis, Cyble researchers examined the frequency and characteristics of supply chain attacks and explored defenses that can mitigate these risks.

Increasing Frequency of Supply Chain Attacks

Cyble’s dark web monitoring revealed 90 instances of cybercriminals claiming successful supply chain breaches between February and mid-August 2024.

IT service providers were the primary targets, accounting for one-third of these breaches. Technology product companies were also significantly impacted, experiencing 14 breaches. The aerospace and defense, manufacturing, and healthcare sectors followed, each reporting between eight and nine breaches.

Despite the concentration of attacks in certain industries, Cyble’s data shows that 22 out of 25 sectors tracked have experienced supply chain attacks in 2024. The U.S. led in the number of breaches claimed on the dark web, with 31 incidents, followed by the UK with 10, and Germany and Australia with five each. Japan and India each reported four breaches.

Significant Supply Chain Attacks in 2024

Cyble’s blog detailed eight notable attacks, ranging from codebase hijacks affecting over 100,000 sites to disruptions of essential services. Examples include:

  • jQuery Attack: In July, a supply chain attack targeted the JavaScript npm package manager, using trojanized versions of jQuery to exfiltrate sensitive form data from websites. This attack impacted multiple platforms and highlighted the urgent need for developers and website owners to verify package authenticity and monitor code for suspicious modifications.
  • Polyfill Attack: In late June, a fake domain impersonated the Polyfill.js library, injecting malware into over 100,000 websites. This malware redirected users to unauthorized sites, underscoring the security risks associated with external code libraries and the importance of vigilant website security.
  • Programming Language Breach: The threat actor IntelBroker claimed unauthorized access to a node package manager (npm) and GitHub account related to an undisclosed programming language, including private repositories with privileges to push and clone commits.
  • CDK Global Inc. Attack: On June 19, a ransomware attack targeted CDK Global Inc., a provider of software to automotive dealerships, disrupting sales and inventory operations for weeks across North American auto dealers, including major networks like Group1 Automotive Inc. and AutoNation Inc.
  • Access to 400+ Companies: IntelBroker also claimed in June to have access to over 400 companies through a compromised third-party contractor, with data access to platforms like Jira, GitHub, and AWS, potentially affecting large organizations such as Lockheed Martin and Samsung.
Mitigating Supply Chain Risks through Zero Trust and Resilience

To counter supply chain attacks, Cyble researchers recommend adopting zero trust principles, enhancing cyber resilience, and improving code security. Key defenses include:

  1. Network microsegmentation
  2. Strong access controls
  3. Robust user and device identity authentication
  4. Encrypting data both at rest and in transit
  5. Ransomware-resistant backups that are “immutable, air-gapped, and isolated”
  6. Honeypots for early detection of breaches
  7. Secure configuration of API and cloud service connections
  8. Monitoring for unusual activity using tools like SIEM and DLP
  9. Regular audits, vulnerability scanning, and penetration testing are also essential for maintaining these controls.

Enhancing Secure Development and Third-Party Risk Management

Cyble also emphasizes best practices for code security, including developer audits and partner assessments. The use of threat intelligence services like Cyble’s can further aid in evaluating partner and vendor risks.

Cyble’s third-party risk intelligence module assesses partner security across various areas, such as cyber hygiene, dark web exposure, and network vulnerabilities, providing specific recommendations for improvement. Their AI-powered vulnerability scanning also helps organizations identify and prioritize their own web-facing vulnerabilities.

As security becomes a more critical factor in purchasing decisions, vendors will likely need to improve their security controls and documentation to meet these demands, the report concludes.
Read more »
Subscribe to: Posts (Atom)