A new blog post today from application security testing firm Checkmarx Ltd. details the first known open-source supply chain attacks against the banking sector.

An open-source software supply chain attack is a cybersecurity threat where attackers infiltrate software systems by exploiting vulnerabilities in the open-source components the software relies on. In the first half of 2023, several attacks specifically targeting the banking sector were detected by Checkmarx’s Supply Chain research team that used this method.

The supply chain attacks are said to have exhibited advanced and highly sophisticated techniques. Those behind the attacks targeted specific components within the web assets of the targeted banks, attaching malicious functionalities to these elements. The use of such targeted, component-specific strategies is noted in the report to signal a shift toward more precision-oriented cyberattacks, indicating a high level of planning and execution on the part of the cyber criminals.

Because cybercriminals are always trying to avoid attention, the attacks employ an array of deceptive tactics. Some of the attacks involved the creation of fake LinkedIn profiles to maintain a façade of credibility, a step designed to trick even the most vigilant observers.

The attackers also set up customized command-and-control centers for each of their targets, highlighting a high level of customization in their attack strategies. The level of personalized approaches in cyberattacks is argued to require vigilance and reinforced cybersecurity measures from the banking sector.

Additionally, the Checkmarx team uncovered the use of the Havoc Framework to bypass stringent security measures. The Havoc Framework is an open-source repository C2 framework that is used by threat actors as an alternative to Cobalt Strike and Brute Ratel. The threat actors upload carefully crafted payloads of malicious code to Node Package Manager, blending in with a victim’s website and making the malicious code very difficult to detect.

“Our primary intention with this blog [post] is to shine a light on the Tactics, Techniques and Procedures we’ve observed and foster collective understanding and awareness of these emerging threats,” the post concludes. “The need of the hour is to stay vigilant, continuously evolve our defenses and stay a step ahead of the threat actors.”

Image: Bing Image Creator