An insidious attack trend has been catching my eye lately. It’s called the software supply chain attack.
The scheme goes like this: Hackers compromise a trusted software vendor, subvert its products with their own malicious versions, and then use the tainted formulation to infect customers — thereby bypassing internal security controls and easily spreading malware far and wide. Customers, careful to keep their software up to date, don’t think twice about downloading the latest iterations. That’s good digital hygiene, after all.
At least that’s what we’ve been trained to think. Cisco researchers exposed one of these sneaky incursions earlier this week. The hacking operation sabotaged CCleaner, a popular piece of computer cleaning software distributed by Avast, a Czech antivirus firm. (Morphisec, an Israeli cybersecurity startup, had discovered the compromise too.)