Is CCleaner the Tip of an Iceberg of Supply Chain Hacks? And Alexa: did China hack us Last Night?

In the latest Security Ledger podcast, Paul speaks with Michael Gorelik of the firm Morphisec about the hack of security software vendor CCleaner – a hack that Gorelik’s firm discovered. CCleaner, he says, may just be the tip of the iceberg when it comes to supply chain hacks. And: “Alexa: have we been hacked by China?” Paul speaks with Grant Wernick of the firm Insight Engines, which is releasing a product this week that integrates the Splunk log management tool with Amazon’s voice assistant. 

In June, the NotPetya malware spread to hundreds of companies across the globe by posing as a legitimate software update from the Ukrainian financial software firm MeDocs. The trail of destruction from that attack is still being recorded. Just last week, for example, the firm FedEx revealed that the NotPetya outbreak cost it $300m in the quarter.

As sophisticated adversaries have become more crafty about finding ways onto corporate networks, so-called supply chain attacks that compromise legitimate, third-party software applications have become popular. In this week’s Security Ledger podcast we’re delving into the latest of these: the attack on CCleaner, a popular malware scanning tool by the firm Piriform (recently acquired by Avast).

[Figure: CCleaner malware flow. An analysis of the code used in the CCleaner attack reveals similarities to an earlier APT group based in China.]

In this week’s episode, we talk with Michael Gorelik, the Chief Technology Officer at the firm Morphisec, which discovered the compromise. He talks about how his company stumbled on the security breach and why they were shocked by what they found. He also tells us that CCleaner may be the tip of the iceberg in supply chain attacks.

Also: as the U.S. faces an acute shortage of skilled information security workers, companies are looking for ways to enable lower-skilled workers to “level up.” One way to do that is with some help from computers and artificial intelligence. In this week’s podcast, we’re also speaking with Grant Wernick, the CEO of the firm Insight Engines, which is releasing a new product that will allow users of the Splunk log and event management platform to ask questions of the platform via Amazon’s Alexa digital assistant.

Wernick said the future holds much bigger things for voice-based interactions than just asking what the weather will be tomorrow or setting your alarm clock. Insight Engines’ Cyber Security Investigator (CSI) for Splunk, which comes out this week, lets security analysts ask questions of the log and security information management tool using natural English language expressions. The product could be the first of many to break down the barriers to the information security space by obviating obscure and complex query languages that are needed to run many advanced analysis tools, Wernick said. But don’t get too carried away: Alexa isn’t quite ready to start speaking cyber.

As always, check out our full conversation in our latest Security Ledger podcast below or over at Soundcloud. You can also listen to it on iTunes. And if you like our intro music, give some love to the group JoeLess Shoe, who recorded “Baxton,” the song we use in just about every podcast.
