There’s been another supply chain attack, with this one affecting more than 250 regional and national newspaper websites serving cities such as Boston, Chicago, Cincinnati, Miami, New York, Palm Beach and Washington DC. The attack involved compromised JavaScript code used by a media content provider to serve video and advertising on the newpapers’ websites. The compromised malware is used to establish initial access on the network for follow-on attacks and ransomware delivery. Researchers warn that detection is tricky as “(the threat actor has) historically removed and reinstalled these malicious injects on a rotating basis.” “Therefore the presence of the payload and malicious content can vary from hour to hour and shouldn’t be considered a false positive.”
This segment was created for the It’s 5:05 podcast