
Supply Chain Attacks – The Supply Chain Strikes Back

Verena Eichinger

An article by Verena Eichinger, Amelie Kassner and Elisa Zeller

