One of the most dangerous forms of hacking is the software supply chain attack, which involves illicitly accessing a developer’s network and placing malicious code into the software updates and applications that users trust the most.
In a single attempt, supply chain hackers can potentially place their ransomware onto thousands or millions of computer systems, and they can do so without leaving a single trace of malicious activity. Over time, this trick has gained a lot of traction and has become more advanced and more difficult to identify. These attacks follow a similar pattern and have been used by the associated companies as their core tool.
Supply chain attacks exploit software distribution channels, and over the last three years these attacks have largely been linked to a group of Chinese hackers. The group is reportedly known as ShadowHammer, Barium, Wicked Panda or ShadowPad; the name varies from one security firm to another.
The trick demonstrates ShadowHammer’s massive potential to destroy computer systems on a large scale while exploiting vulnerabilities in a fundamental model that governs the code users run on their systems. This destructive ability of Barium is a matter of great concern for security researchers.
“They’re poisoning trusted mechanisms,” said Vitaly Kamluk, the director of the Asia research team for security firm Kaspersky. “They’re the champions of this. With the number of companies they’ve breached, I don’t think any other groups are comparable to these guys.”
“When they abuse this mechanism, they’re undermining trust in the core, foundational mechanisms for verifying the integrity of your system.”
“This is much more important and has a bigger impact than regular exploitation of security vulnerabilities or phishing or other types of attacks. People are going to stop trusting legitimate software updates and software vendors.”
When asked, Marc-Etienne Léveillé, a security researcher, said, “In terms of scale, this is now the group that is most proficient in supply chain attacks.”
“We’ve never seen anything like this before. It’s scary because they have control over a very large number of machines.”
“If [Barium] had deployed a ransomware worm like that through one of these attacks, it would be a far more devastating attack than NotPetya,” said another expert on the matter.