
ShadowPad exploit ‘one of the biggest’ APAC supply chain attacks

22 Aug 17

Malaysia’s Computer Emergency Response Team (MyCERT) has commented on what has been called one of the biggest known supply chain attacks which affected multiple software products in the NetSarang range.

Several recent versions of NetSarang Server Management software were compromised by the ‘ShadowPad’ exploit. The exploit is capable of allowing attackers to download additional malware or steal confidential business data.

The exploit seems to have hit victims with IP addresses originating in Malaysia, according to MyCERT. A statement from NetSarang says that the exploit has been spotted once in the wild in Hong Kong.

“ShadowPad is an example of how dangerous and wide-scale a successful supply-chain attack can be. Given the opportunities for reach and data collection it gives to the attackers, most likely it will be reproduced again and again with some other widely used software component,” comment Kaspersky Labs researchers.

The victims downloaded the compromised software between July 18 and August 4 this year, the MyCERT advisory says. NetSarang has released new versions of the software.

The products caught up in the backdoor are limited to:

•    Xmanager Enterprise 5.0 Build 1232
•    Xmanager 5.0 Build 1045
•    Xshell 5.0 Build 1322
•    Xftp 5.0 Build 1218
•    Xlpd 5.0 Build 1220

“To combat the ever-changing landscape of cyberattacks NetSarang has incorporated various methods and measures to prevent our line of products from being compromised, infected, or utilized by cyberespionage groups. Regretfully, the Build release of our full line of products on July 18th, 2017 was unknowingly shipped with a backdoor which had the potential to be exploited by its creator,” a statement from NetSarang says.

MyCERT recommends that all businesses using the affected software stop using it immediately and apply available patches.

“Users can update by going to Help -> Check for Updates directly in their client or download the latest Build from NetSarang website.”

The latest Builds are Xmanager Enterprise Build 1236, Xmanager Build 1049, Xshell Build 1326, Xftp Build 1222, and Xlpd Build 1224.

“NetSarang is committed to its users’ privacy and has incorporated a more robust system to ensure that never again will a compromised product be delivered to its users. NetSarang will continue to evaluate and improve our security not only to combat the efforts of cyber espionage groups around the world but also in order to regain the trust of its loyal user base.”

Generally, MyCERT advises users of this software to keep up to date with the vendor’s latest security announcements and to follow best-practice security policies to determine which updates should be applied.

“We are working with Kaspersky Labs to further evaluate the exploit and will update our users with any pertinent information,” NetSarang concludes.
