The attack is the latest to manipulate the supply chain of a legitimate product in hopes of infecting the people who rely on it. The NotPetya worm that shut down computers around the world in June used the same tactic after attackers hijacked the update mechanism for tax software that was widely used in Ukraine. Supply-chain attacks that targeted online gamers included one used to spread the PlugX trojan in 2015 and the malware dubbed WinNTi in 2013.

"Given the opportunities for covert data collection, attackers are likely to pursue this type of attack again and again with other widely used software components," Kaspersky Lab researchers wrote in their blog post. "Luckily, NetSarang was fast to react to our notification and released a clean software update, most likely preventing hundreds of data-stealing attacks against their clients."

The backdoor code was located in a version of the file nssock2.dll that went live on the NetSarang website on July 17. The malicious file was signed with NetSarang's legitimate certificate, and it remained undetected until Kaspersky Lab researchers privately notified NetSarang officials of the tampering. In a statement, company officials wrote:

> It has been confirmed that NetSarang's infrastructure was compromised. We've created a completely new and separate infrastructure and have wiped every single device which will be placed into this new infrastructure. Each device is then examined, white-listed, and then placed into the new infrastructure one-by-one. This process will take several weeks, but we need to ensure that a compromise such as this is never again possible at NetSarang. Our users' security is our highest priority.

The malicious NetSarang products contained an advanced design that made it hard to detect on infected networks. It was made up of several layers of encrypted code that were decrypted only in select cases. A tiered control-server system prevented the main functions of the malicious module from being activated unless the server sent the compromised machine a special packet. Until then, compromised machines sent only basic information, including their domain and user names, every eight hours.