
Story of the Year: global IT outages and supply chain attacks

Category: Details

Threat Actors: APT actors targeting space industry, attackers exploiting supply chain vulnerabilities in Fortinet, OpenSSH, XZ Utils, and Cisco Duo.

Campaign Overview: Multiple supply chain attacks, including malware backdoors, kernel vulnerabilities, pager exploits, and targeting critical services like MFA and web components.

Target Regions (or Victims): Global impact, with incidents affecting regions like the Middle East, Linux distributions, websites worldwide, and specific sectors like healthcare and government.

Methodology: Supply chain abuse, backdoor implantation, phishing, social engineering, exploiting misconfigurations, and leveraging vulnerabilities in widely used platforms.

Product Targeted: OpenSSH, Fortinet products, XZ Utils, Polyfill.io, Cisco Duo, CrowdStrike, and Linux kernel.

Malware Reference: XZ backdoor, JarkaStealer, botnet malware in Discord platforms, “regreSSHion” vulnerability, and custom malware in AI and satellite campaigns.

Tools Used: AI-driven anomaly detection for prevention, Polyfill.io scripts, malware-laden Docker containers, and manipulated source code repositories.

Vulnerabilities Exploited:
– OpenSSH “regreSSHion” vulnerability.
– Critical CVEs in Fortinet products.
– Subsea cable disruptions.
– Kernel vulnerabilities in Linux and Windows.

TTPs:
– Multi-stage attacks on open-source tools.
– Exploiting physical components like pagers and subsea cables.
– Phishing and insider exploitation.

Attribution: Threat actors leveraging supply chain dependencies; research and reports by Kaspersky, Qualys, and others.

Recommendations:
– Regular testing of updates before deployment.
– Diversification of providers.
– Patch management.
– Rigorous configuration management and oversight.

Source: Securelist by Kaspersky

 

Read full article: https://securelist.com/ksb-story-of-the-year-2024/114883/

Disclaimer: The above summary has been generated by an AI language model

Source: Securelist by Kaspersky

Published on: December 9, 2024
