NetSarang — a software vendor “used by hundreds of large companies worldwide, including those in financial services, education, telecoms, manufacturing, energy and transportation,” according to a spokeswoman from Kaspersky Labs — has closed and locked a dangerous back door in one of its software systems, which hackers could have used to infect businesses using the server management system around the world. Researchers at Kaspersky Lab discovered the back door and notified NetSarang, which quickly removed the malicious code and released an update for customers.
The supply chain attack known as ShadowPad is one of the largest known. The back door could have allowed hackers to download malicious modules to systems using the software or to steal data from them, Kaspersky Lab said in a press release.
“ShadowPad is an example of how dangerous and widescale a successful supply chain attack can be. Given the opportunities for reach and data collection it gives to the attackers, most likely it will be reproduced again and again with some other widely used software component,” said Igor Soumenkov, security expert, Global Research and Analysis Team, Kaspersky Lab.
Kaspersky’s Global Research and Analysis Team heard from a partner financial institution in July that it had noticed suspicious domain name server requests originating on its system while processing financial transactions. Kaspersky traced the activity back to the server management software, which is used not only in financial services but in education, telecoms, manufacturing, energy and transportation.
NetSarang issued a news statement apologizing for the cybersecurity breach and assuring customers that it had incorporated a more robust system to prevent situations like this in the future. The company said it hopes to regain users’ trust, but that may be easier said than done.
“The security of our customers and user base is our highest priority and ultimately, our responsibility,” NetSarang said in its statement. “The fact that malicious groups and entities are utilizing commercial and legitimate software for illicit gain is an ever-growing concern … NetSarang is committed to its users’ privacy and has incorporated a more robust system to ensure that never again will a compromised product be delivered to its users.”
The malicious code was embedded in a recent, legitimate software update. Users of the NetSerang system are urged to run the patched update immediately, as the cybersecurity threat may still be lying dormant on their system.