DigitalCIO
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
No Result
View All Result
DigitalCIO
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
No Result
View All Result
Digitalcio
No Result
View All Result
Home Tech News

Microsoft Uncovers Multi-Tier Supply Chain Attack

DigitalCIO Bureau by DigitalCIO Bureau
July 30, 2018
in Tech News
0
74
SHARES
1.2k
VIEWS
Share on FacebookShare on Twitter

Microsoft has shared details of a new attack that attempted to spread crypto-mining malware to a large number of users by compromising the software supplying partner of an application developer.

The multi-tier attack relied on compromising the shared infrastructure between a PDF editor vendor and one of its partners that provided additional font packages for the application: the attackers aimed at the supply chain of the supply chain.

Limited in nature, Microsoft said the compromise appeared to be active between January and March 2018, and could have impacted six other vendors working with the font package provider.

Carried out silently, the attack initially appeared as a typical infection and was automatically blocked, but the same infection pattern was observed across a large number of machines.Windows Defender APT eventually alerted on nearly 70,000 cases incidents involving a coin mining process masquerading as pagefile.sys, which was launched by a service named xbox-service.exe,as reported.

Microsoft’s investigation revealed that a malicious installer package (MSI) was being downloaded by a PDF editor during installation, along with other legitimate installers. It was then discovered that the application vendor itself hadn’t been compromised, but the malicious package was served by a partner that creates and distributes additional font packages used by the app.

The attackers discovered a weakness in the interactions between the app vendor and its partner and also found a way to leverage it to hijack the installation chain of the MSI font packages, thus turning the PDF editor into the unexpected carrier of the malicious payload.

Microsoft discovered that the attackers had created a replica of the software partner’s infrastructure on their own server and copied and hosted all MSI files, including font packages, there. They only modified an Asian fonts package to add the malicious payload to it.The attackers also managed to influence the download parameters used by the PDF app so as to point to their server, which resulted in the download of MSI font packages from the rogue server. Thus, users ended up installing the coin miner malware along with the legitimate application.

At device restart, the malicious MSI file would be replaced with the legitimate version. Microsoft also discovered hardcoded PDF app names in the malicious package and concluded that at least six additional vendors might have been targeted by the attackers.

“While we were not able to find evidence that these other vendors distributed the malicious MSI, the attackers were clearly operating with a broader distribution plot in mind,” Microsoft says.

Detected as Trojan:Win64/CoinMiner, the malicious miner would hide behind the name xbox-service.exe and use the infected machine’s resources to mine for Monero. The malware also attempts to prevent remote cleaning and remediation by blocking communication with the update servers of certain PDF apps.

The threat also hinted at browser scripts as an alternative form of coin mining, but it’s unclear whether this was a secondary plan or work in progress.

“This new supply chain incident did not appear to involve nation-state attackers or sophisticated adversaries but appears to be instigated by petty cybercriminals trying to profit from coin mining using hijacked computing resources,” Microsoft’s says.

Share30Tweet19
DigitalCIO Bureau

DigitalCIO Bureau

Recommended For You

CrowdStrike Acquires Application Security Management Startup Bionic

by DigitalCIO Bureau
September 22, 2023
0
CRISIL To Acquire Bridge To India Energy

CrowdStrike has announced it has agreed to acquire Bionic, the pioneer of Application Security Posture Management (ASPM). The combination will extend CrowdStrike’s leading Cloud Native Application Protection Platform...

Read more

Generative AI Technologies to Execute 60% of Seller Work Within Five Years

by DigitalCIO Bureau
September 22, 2023
0
Generative AI Technologies to Execute 60% of Seller Work  Within Five Years

By 2028, 60% of B2B seller work will be executed through conversational user interfaces via generative AI sales technologies, up from less than 5% in 2023, according to...

Read more

CtrlS Datacenters Appoints Mohit Pande as Chief Financial Officer

by DigitalCIO Bureau
September 22, 2023
0
CtrlS Datacenters Appoints Mohit Pande as Chief Financial Officer

CtrlS Datacenters has announced the appointment of Mohit Pande as its Chief Financial Officer (CFO). The appointment will strengthen the leadership team with Mohit’s 23-year experience in the...

Read more

Black Box Laucnhes Its New Center of Excellence

by DigitalCIO Bureau
September 22, 2023
0
Black Box Laucnhes Its New Center of Excellence

Black Box Limited (formerly AGC Networks Limited)  has announced the inauguration of its new Center of Excellence located in Bengaluru, India. Black Box is one of Essar’s key...

Read more

Attackers Misusing Email Inbox Rules

by DigitalCIO Bureau
September 22, 2023
0
Attackers Misusing Email Inbox Rules

Barracuda has unveiled a new Threat Spotlight, that shows how attackers can misuse inbox rules in a successfully compromised account to evade detection while they – among other things –...

Read more
Next Post

Samsung Gear IconX 2018 Wireless Earbuds Launched

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Related News

Milestone Systems Introduces Centralized Search

October 11, 2019

Broadcom Buys CA Technologies

July 14, 2018

72% Indian firms see Covid-19 impact going beyond 6 months

April 10, 2020

Browse by Category

  • Appointment
  • Archive
  • Artificial Intelligence
  • CIO Interviews
  • Cloud
  • Datacenter
  • Events and Conferences
  • Market Insights
  • News
  • Opinion and Analysis
  • Resources
  • Security
  • Storage
  • Tech News
Digitalcio

Welcome to DigitalCIO, your ultimate source for staying ahead in the ever-evolving world of technology and business.

CATEGORIES

  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
  • Archive

BROWSE BY TAG

Acquisition AI AIOps Appointment artificial intelligence Artificial Intelligence and Machine Learning Big Data and Analytics Blockchain CISCO Cloud Computing Cloudflare CommScope CrowdStrike Customer Experience Cybersecurity Deloitte Digital Transformation E-books ESG Everest Group Gartner Generative AI IDC Infographics Infosys Internet of Things (IoT) Nessus Expert Netskope New Relic Nextiva o9 Solutions Oracle Panel Discussion Public cloud ransomware Redington Limited Salesforce software Sophos Sustainability Tenable Veeam Software Webinars WeWork India Whitepaper

NAVIGATION

  • Home
  • About Us
  • Advertise with Us
  • Contact Us

© 2023 digitalcio.in - All rights reserved.

No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources

© 2023 digitalcio.in - All rights reserved.

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?