Submission: Attack on Point of Sale Vendor Highlights Supply Chain Risk (securityledger.com)
chicksdaddy writes: Warnings about the threat posed by compromised software and hardware supply chains have grown more pointed in recent months. Notably firms like Kaspersky (http://www.kaspersky.com/about/news/virus/2015/equation-group-the-crown-creator-of-cyber-espionage) and Trend Micro (http://blog.trendmicro.com/trendlabs-security-intelligence/securing-the-it-supply-chain/) have highlighted attacks on technology supply chains, while the firm TrapX reported on a malware family, Zombie Zero, that was found lurking on hand-held scanners shipped from China and used by a prominent logistics firm. (http://deceive.trapx.com/rs/trapxcompany/images/AOA_Report_TrapX_AnatomyOfAttack-InternetOfThings.pdf)
RSA brings more evidence that sophisticated cyber criminal and state sponsored groups are looking for ways to compromise technology supply chains. On Wednesday, the company wrote about what it describes as an attempted “supply chain subversion” attack (https://blogs.rsa.com/attacking-a-pos-supply-chain-part-1/) against a prominent point of sale (POS) hardware vendor with links to the PoSeidon point of sale malware campaign (http://blogs.cisco.com/security/talos/poseidon).
RSA said it detected a sophisticated “spear phishing” campaign against a European POS vendor. According to RSA, e-mail messages were sent to a “small number of employees” of the Point of Sale system vendor posing as support emails from a customer (a prominent New York City restaurant). A malicious Microsoft Word document attached to the e-mail, if opened, installed a copy of the Vawtrak banking Trojan, which is adept at credential theft, according to The Security Ledger. (https://securityledger.com/2015/04/rsa-warns-of-supply-chain-attack-on-point-of-sale-vendors/)
The company said the goal of the attack was apparently to compromise the vendor itself, providing an avenue to “realize subversion of the vendor’s firmware or software built into the products.”