Story image

ShadowPad exploit ‘one of the biggest’ APAC supply chain attacks

22 Aug 2017

Malaysia’s Computer Emergency Response Team (MyCERT) has commented on what has been called one of the biggest known supply chain attacks which affected multiple software products in the NetSarang range.

Several recent versions of NetSarang Server Management software were compromised by the ‘ShadowPad’ exploit. The exploit is capable of allowing attackers to download additional malware or steal confidential business data.

The exploit seems to have hit victims with IP addressed originating in Malaysia, according to MyCERT. A statement from NetSarang says that the exploit has been spotted once in the wild in Hong Kong.

“ShadowPad is an example of how dangerous and wide-scale a successful supply-chain attack can be. Given the opportunities for reach and data collection it gives to the attackers, most likely it will be reproduced again and again with some other widely used software component,” comment Kaspersky Labs researchers.

The victims downloaded the compromised software between July 18 and August 4 this year, the MyCERT advisory says. NetSarang has released new versions of the software.

The products caught up in the backdoor are limited to:

•    Xmanager Enterprise 5.0 Build 1232 •    Xmanager 5.0 Build 1045 •    Xshell 5.0 Build 1322 •    Xftp 5.0 Build 1218 •    Xlpd 5.0 Build 1220

“To combat the ever-changing landscape of cyberattacks NetSarang has incorporated various methods and measures to prevent our line of products from being compromised, infected, or utilized by cyberespionage groups. Regretfully, the Build release of our full line of products on July 18th, 2017 was unknowingly shipped with a backdoor which had the potential to be exploited by its creator,” a statement from NetSarang says.

MyCERT recommends that all businesses who use the affected software to stop using them immediately and apply available patches.

“Users can update by going to Help -> Check for Updates directly in their client or download the latest Build from NetSarang website.”

The latest Builds are Xmanager Enterprise Build 1236, Xmanager Build 1049, Xshell Build 1326, Xftp Build 1222, and Xlpd Build 1224.

NetSarang is committed to its users’ privacy and has incorporated a more robust system to ensure that never again will a compromised product be delivered to its users. NetSarang will continue to evaluate and improve our security not only to combat the efforts of cyber espionage groups around the world but also in order to regain the trust of its loyal user base.”

Generally, MyCERT advises the users of this software to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

“We are working with Kaspersky Labs to further evaluate the exploit and will update our users with any pertinent information,” NetSarang concludes.

Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
Singapore firm to launch borderless open data sharing platform
Singapore-based Ocean Protocol, a decentralised data exchange that promotes data sharing, has revealed details of what could be the kickstart to a global and borderless data economy.
Huawei picks up accolades for software-defined camera ecosystem
"The company's software defined capabilities enable it to future-proof its camera ecosystem and greatly lower the total cost of ownership (TCO), as its single camera system is applicable to a variety of application use cases."
Tech community rocked by deaths of Atta Elayyan and Syed Jahandad Ali
Both men were among the 50 killed in the shooting in Christchurch last Friday when a gunman opened fire at two mosques.
NZ ISPs block internet footage of Christchurch shootings
2degrees, Spark, Vodafone and Vocus are now blocking any website that shows footage of the mosque shootings.
Barracuda expands MSP security offerings with RMM acquisition
Managed Workplace delivers an RMM platform with security tools and services, such as site security assessments, Office 365 account management, and integrated third-party antivirus.
Flashpoint: APAC companies must factor geopolitics in cyber strategies
The diverse geopolitical and economic interests of the states in the region play a significant role in driving and shaping cyber threat activity against entities operating in APAC.
Expert offers password tips to aid a stress-free sleep
For many cybersecurity professionals, the worries of the day often crawl into night-time routines - LogMeIn says better password practices can help.