In an interview with Digiato, the security expert cited software download sites as a potential threat to private and government organizations, one that could ease the penetration of these organizations’ networks. He called on cyber security bodies to intervene and prevent possible catastrophes.
The recent cyber attack on the smart fuel system has raised many security concerns. Usually, when cyber-attacks come up, people think of large, complex intrusions that take days or even months to penetrate a target’s systems.
But sometimes there are easy ways: simply wait for the prey to walk into the trap and then infiltrate the organization with little effort. ESXi, Windows, and cracked versions of popular software are among the bait that can be used for such attacks.
A simple issue that many public and private companies do not take seriously at the moment: they turn to thousands of software download sites to install software on their employees’ systems, and they use the cracks distributed by these sites.
If someone wants to infiltrate Iranian companies and organizations, it is enough to hack the servers of one or more software download sites and silently inject a backdoor into the cracks of the software hosted on those servers. A backdoor is a program that lets an intruder bypass the system’s security controls and reach the system’s resources through a channel of the intruder’s own choosing.
After that, when the admins of the organizations download the software they need from these websites, the backdoor is planted inside the organization’s network. This major security gap appears to have been completely overlooked by the country’s cyber security agencies, and evidence shows there are no guidelines on the use of non-original software in organizations.
But how far is this kind of infiltration actually possible, and what are the solutions in this field? To answer these questions, we spoke to “Ali Kiaifar”, security manager of industrial control systems at the Modbaran company and an information security expert.
Attacking the software an organization uses instead of attacking it directly
“Infiltration of public and private organizations has become more difficult than in the past,” Kiaifar told Digiato.
“Currently, almost all major organizations use appropriate security equipment at the edge of their network and constantly address vulnerabilities in their equipment and software. Therefore, infiltrating such organizations has become more difficult than in the past.”
But he says a new form of cyber attack on organizations has been around for several years, known as the “Supply Chain Attack.” In this method, the hacker attacks one of the software products used by the organization instead of attacking the organization directly.
To make this clearer, the security expert went on to give a simple example of a Supply Chain Attack:
“Suppose a hacker tries to attack Organization X. In the first step, he tries to open a loophole through the vulnerabilities in Organization X’s network, but he does not succeed. In the second step, he looks a little at Organization X’s website and easily sees that this organization (for example) uses office automation software produced by Company Y. Or he realizes that Company Y has named Organization X in its list of customers.”
This is enough for a hacker to try to hack Company Y. If Company Y’s security is fragile, it is hacked with little effort, and the hacker reaches the source of the office automation software without attracting attention and embeds a backdoor inside it.
Next week, Company Y releases a new version of its office automation software, unaware that the new version is infected with the backdoor. Organization X also updates to the new version, and thus the organization itself installs the backdoor embedded by the hacker in its network.
Now, with this move, the hacker has gained access not only to Organization X’s network, but also to all the networks that use Company Y’s office automation software.
Download sites and the increased risk of cyber attacks
As Kiaifar tells Digiato, the issue of supply chain attacks in Iran is much more acute, and this goes back to the non-observance of copyright law:
“In Iran, because there is no copyright law, many sites have been created for downloading cracked software. These sites have almost become the main reference for downloading various software, and from home users to ministries and sensitive organizations, everyone uses these sites as a reference to download the software they need.”
Now it is enough for a hacker to compromise one of these Iranian software download sites and embed a backdoor inside the crack of a commonly used piece of software in order to infiltrate Iranian organizations. These are sites that, in this security expert’s view, have the most critical vulnerabilities:
“Users and administrators of organizations download these backdoored files and run them on their own network. They also have Domain Admin access! The interesting thing is that admins disable their antivirus while running these cracks. If the antivirus prevents cracks from running and warns the user, it is definitely not a good antivirus from the users’ point of view, because it does not allow infected cracks to run smoothly.”
“This type of attack is technically simple and can be very large in scope,” he told Digiato.
“With this type of attack, a large number of networks across the country can be infiltrated in a short period of time. Therefore, it is necessary for the organizations in charge of cyber security in the country to get involved in this issue. Especially when we know that the Israeli regime is concentrating all its cyber power on infiltrating the country’s vital networks and infrastructure and will spare no effort. Israeli spy agencies may even be able to access download site storage and install backdoors through non-technical methods such as an insider.”
“No. These sites aim to monetize through advertising and take no responsibility for the consequences of using cracked files.”
But can a culture of using original software greatly reduce this risk? In response to this question, Kiaifar says that several factors should be considered at the same time. One issue is sanctions: it is not possible for Iranian users to purchase most original foreign software or use its support services: “In most cases, even if the manufacturer realizes that a license is being used in Iran, it may disable it.”
Another issue, he said, is the devaluation of the national currency, which has made purchasing a license for even a simple piece of foreign software very expensive and beyond the purchasing power of many users and even organizations.
“Purchasing original software does not necessarily reduce supply chain attacks to zero,” he said. “Therefore, in my opinion, creating a culture of using original licenses for foreign mass-market software is not possible, at least in the current situation.”
The high share of cyber attacks that go through the software organizations use
“According to statistics, 92% of the attacks on organizations are related to the software used in the organization,” Kiaifar told Digiato. “That percentage of attacks would not take place.”
He believes that most programmers and even software companies do not have the necessary knowledge of security issues, and their main goal is to produce products that work, whereas the main goal should be to make software that works securely:
“If you follow the news of cyber attacks on a daily basis, you will find many cases where an attack spread into an organization because of insecure software. From vulnerabilities in popular software such as Microsoft Exchange to specific software used in small organizations.”
Software packages are also widely used in offices. Is infiltration possible through these packages as well? “Naturally, software download sites are more dangerous because they have a wider range of uses,” the security expert said in response to Digiato’s question.
Security advice to organizations
Kiaifar devoted the last part of his remarks to some security advice for organizations and told Digiato:
“First, the list of software that is allowed to be installed in the organization must be specified and defined. Second, the source of the software installed in the organization must be valid. This validity can be established in different ways. For example, one way is for software cracks to be produced by an internal reverse engineering team, or for crack files to be analyzed by security experts in various sandboxes to verify that they are safe.”
According to him, this issue should be examined by the organization’s security team, and an actionable solution should be developed for it within the organization.
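One way a Windows administrator could enforce the two rules above (an approved-software list, and a validated source) before installers from a staging folder reach employee machines. This is an added example, not code from the article or from Kiaifar; the manifest CSV format, its path and the staging folder are assumptions, and the check relies on the fact that a patched (cracked) binary no longer carries a valid Authenticode signature.

```powershell
# Added example: gate staged installers against an approved-software manifest.
# Assumed manifest format (constructed): CSV with columns Name,Version,Sha256,Publisher,SourceHost
$Manifest   = Import-Csv -Path 'C:\Deploy\approved-software.csv'   # assumed path
$StagingDir = 'C:\Deploy\staging'                                  # assumed path

function Test-Installer {
    param([System.IO.FileInfo]$File)

    # Rule 1: the exact file must be on the approved list (matched by SHA-256).
    $hash  = (Get-FileHash -Path $File.FullName -Algorithm SHA256).Hash.ToUpperInvariant()
    $entry = $Manifest | Where-Object { $_.Sha256.ToUpperInvariant() -eq $hash } | Select-Object -First 1
    $reasons = @()
    if (-not $entry) { $reasons += 'hash not on approved list' }

    # Rule 2a: the binary must still carry the vendor's valid Authenticode signature.
    # A crack patches the executable, so its status becomes HashMismatch or NotSigned.
    $sig = Get-AuthenticodeSignature -FilePath $File.FullName
    if ($sig.Status -ne 'Valid') {
        $reasons += "signature status: $($sig.Status)"
    } elseif ($entry -and $sig.SignerCertificate.Subject -notlike "*CN=$($entry.Publisher)*") {
        $reasons += "signer '$($sig.SignerCertificate.Subject)' is not the expected publisher '$($entry.Publisher)'"
    }

    # Rule 2b: the download origin recorded in the Mark-of-the-Web stream (HostUrl=)
    # must be the approved source, not an arbitrary download site.
    $zone    = Get-Content -Path $File.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $hostUrl = ($zone | Where-Object { $_ -like 'HostUrl=*' }) -replace '^HostUrl=', ''
    if ($entry -and $hostUrl -and ([uri]$hostUrl).Host -ne $entry.SourceHost) {
        $reasons += "downloaded from $(([uri]$hostUrl).Host); approved source is $($entry.SourceHost)"
    }

    [pscustomobject]@{
        File     = $File.Name
        Sha256   = $hash
        Approved = ($reasons.Count -eq 0)
        Reasons  = ($reasons -join '; ')
    }
}

# Report every staged installer; only rows with Approved = True should be deployed.
Get-ChildItem -Path $StagingDir -Include *.exe, *.msi -Recurse -File |
    ForEach-Object { Test-Installer -File $_ } |
    Format-Table -AutoSize
```

Files that fail any rule are the ones to hand to the security team for sandbox analysis rather than silently install, which is exactly the case Kiaifar describes where admins instead switch the antivirus off.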