China Implicated in Several Security Hacks

Equifax Data Breach


Several publications and reports tie the Equifax data breach to Chinese spies and hackers working in tandem with the Chinese government to obtain sensitive information. One such article was Bloomberg’s “The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies,” released in October 2018, which sent shudders through the tech world: it reported that investigations had revealed a tiny microchip nested on the motherboards of several servers, allowing the hackers to create a stealth doorway into any network that included the altered machines.

How did the malicious microchips get on the boards in the first place?


Multiple people familiar with the process say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China. This attack was widely regarded as something graver than the software-based incidents the world has grown accustomed to seeing. Hardware hacks are usually far more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to obtain.

Agencies Deny the Hack

Due to privacy and a few other legal details, most of the companies allegedly involved in the breach vehemently denied these claims. Apple even issued an official statement saying, “We can be very clear on this: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server.” The National Cyber Security Centre of the U.K. and the U.S. Department of Homeland Security jointly said that they believe the so-called Supermicro hack never happened, comfortably buttressing the claim that Amazon and Apple were telling the truth. Would this mean that the biggest supply chain hardware hack was a hoax? We may never find out.

Physical Supply Chain Attack


“Hardware is just so far off the radar, it’s almost treated like black magic,” says Joe Grand, a hardware hacker and the founder of Grand Idea Studio Inc. Putting all the information and credible investigative reports together, we know that several members of the Chinese People’s Liberation Army are being prosecuted for carrying out the most significant supply chain attack ever: the exploitation of a vulnerable utility component at Equifax, which consequently led to a breach of the sensitive information of more than 145 million people. As shocking as this is, the world appears to be quiet on the significance of supply chain security. Bloomberg should probably take a closer look at their article and make a few changes to their story.


All You Need to Know About The Real “Big Hack”

The security of the global technology supply chain had been compromised, even if consumers and most companies didn’t know it yet.

Several times over the last decade, software supply chain manipulation and other efforts to breach numerous open source projects have occurred at an alarming rate. The Equifax breach is just the most recent of many wake-up calls. Recent news reports say that Chinese military hackers, in tandem with the Chinese People’s Liberation Army, are being prosecuted for the hack.

The Supermicro incident might have caused a global shockwave; still, much of the world hasn’t recognized the terrifying reality: to accomplish a seeding attack would mean developing a deep understanding of a product’s strategy and design, manipulating mechanisms and components at the factory, and ensuring that the tampered devices made it through the global logistics chain to the desired location. It’s considerably easier for hackers to infiltrate a software supply chain than a physical one.

The Hack was Bigger than Equifax

Firstly, it’s imperative to realize that Equifax was just one of the numerous targets of a large-scale hack. The hackers also made attempts at several other companies and agencies, namely the Department of Defense (DoD), Alaska Airlines, GMO Payment Gateway, the Canada Revenue Agency, Okinawa Power, India Post, AADHAAR (India’s social security system), and Japan Post, all within 24 hours of the Apache disclosure. “We had a nation-state actor within 24 hours scanning for unpatched [Struts] servers within the DoD,” says David Hogue, Senior Technical Director of the NSA’s Cybersecurity Threat Operations Center (NCTOC).

Another point warranting special consideration is the puzzling question: “What happened at Equifax in the three days between the Apache Struts vulnerability being revealed on March 7th and the primary breach on March 10th?”

Is There a Way Out?

Bad actors have changed their tactics to find more effective attack vectors; surprisingly, they’ve been able to infiltrate applications directly, and at an amazing speed too, reducing the usual time hackers require to exploit a newly disclosed open source vulnerability by 93.5% over the last decade. This punishing reality creates a new standard for software supply chain threats and demands that organizations be prepared to do these three things within 48 hours of a new public disclosure:

  • Evaluate which, if any, of their production applications are vulnerable or exposed to malicious intent,
  • Create an inclusive plan to control probable exposure,
  • Apply the required fixes in production.
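The first two of those steps come down to a question an organization must be able to answer within hours of a disclosure: which production applications carry the affected component at an affected version, and what version closes the hole? The following is an added example, not code from the original article or from any of the organizations it names. It matches a constructed, SBOM-style inventory of production applications against a constructed advisory; the component coordinate `org.apache.struts:struts2-core` is a real Maven artifact, but the affected and fixed version ranges are hypothetical placeholders, not the real Struts advisory data.

```python
"""Step 1 and 2 of the 48-hour drill: list the production applications
that carry an affected version of a disclosed component, and the minimum
version each one must move to.  Inventory and advisory are constructed."""
import json

# Constructed advisory.  The version ranges are HYPOTHETICAL placeholders;
# a real advisory would supply them.  Each range is [affected_from, fixed_in).
ADVISORY = {
    "component": "org.apache.struts:struts2-core",
    "ranges": [
        {"affected_from": "2.3.5", "fixed_in": "2.3.32"},
        {"affected_from": "2.5.0", "fixed_in": "2.5.11"},
    ],
}

# Constructed SBOM-style inventory of production applications.
INVENTORY = json.loads("""
[
 {"app": "customer-portal",
  "components": {"org.apache.struts:struts2-core": "2.3.20",
                 "log4j:log4j": "1.2.17"}},
 {"app": "billing-api",
  "components": {"org.apache.struts:struts2-core": "2.5.10"}},
 {"app": "payments",
  "components": {"org.apache.struts:struts2-core": "2.3.32"}},
 {"app": "reporting",
  "components": {"org.springframework:spring-core": "4.3.8"}}
]
""")


def parse_version(version):
    """Turn '2.3.20' into a comparable tuple of ints, padded to three parts.

    Non-numeric suffixes ('2.3.32-rc1') are ignored so that string comparison
    pitfalls such as '2.3.5' > '2.3.32' cannot hide an exposed application."""
    parts = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def fix_target(version, advisory):
    """Return the fixed_in version of the range containing `version`,
    or None if the version is not affected."""
    v = parse_version(version)
    for rng in advisory["ranges"]:
        lo = parse_version(rng["affected_from"])
        hi = parse_version(rng["fixed_in"])
        if lo <= v < hi:
            return rng["fixed_in"]
    return None


def exposed_apps(inventory, advisory):
    """List (app, current_version, minimum_fixed_version) for every
    application that ships an affected version of the advisory's component."""
    hits = []
    for app in inventory:
        current = app["components"].get(advisory["component"])
        if current is None:
            continue                      # component not present at all
        target = fix_target(current, advisory)
        if target is not None:
            hits.append((app["app"], current, target))
    return hits


if __name__ == "__main__":
    for app, current, target in exposed_apps(INVENTORY, ADVISORY):
        print(f"{app}: {ADVISORY['component']} {current} -> upgrade to >= {target}")
```

On the constructed data the script reports `customer-portal` and `billing-api` as exposed; `payments` already sits on the fixed version of its range and `reporting` does not ship the component. Comparing versions as integer tuples rather than strings matters here: a plain string comparison would rank `2.3.5` above `2.3.32` and silently drop an exposed application from the list.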

Even though this should be public knowledge, about 57% of the Fortune 100 companies kept using the same faulty software component that made the Equifax breach possible. Sadly, many organizations continue to devote resources to perimeter and network security rather than application security. In 2019, two years after the primary breach, 1 in 4 companies confirmed or suspected that they had suffered a breach due to an open-source vulnerability.

Additionally, an increase in the frequency of malicious attacks on the supply chain means that hackers are now directly injecting malicious and vulnerable components into open source ecosystems and projects. These compromised components, which are presumed to be safe, are then made available for use by consumers and businesses alike, posing a highly significant risk to organizations and users, all of whom are oblivious to the malicious process that has already begun.

In summary, organizations and businesses should exercise effective software supply chain governance to avoid exposing themselves and their customers to great risk and infiltration from malicious sources.