September 15, 2025 8 mins

Cybersecurity Today: NPM Attack, Void Proxy Phishing, and Major Business Disruptions

In this episode of Cybersecurity Today, host David Shipley discusses a recent massive NPM attack that, despite causing significant disruption, left hackers with minimal gains. We also cover a new, highly sophisticated phishing service called Void Proxy, which targets Microsoft and Google accounts. Additionally, we delve into the severe repercussions of cyber attacks on major companies like Jaguar Land Rover and Marks and Spencer, highlighting the wide-ranging impacts on supply chains and leadership. Join us for the latest updates and insights from the world of cybersecurity.

00:00 Introduction and Headlines
00:35 Massive NPM Attack: What Happened?
02:53 Void Proxy: A New Phishing Threat
05:31 Jaguar Land Rover Cyber Attack Impact
06:59 Marks and Spencer Leadership Change
08:04 Conclusion and Final Thoughts

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:01):
Hackers left nearly empty-handed after massive NPM attack. New Void Proxy phishing service targets Microsoft and Google accounts. Some Jaguar suppliers facing bankruptcy, and Marks and Spencer tech chief leaves months after cyber attack. This is Cybersecurity Today, and I'm your host, David Shipley, and I'm coming

(00:25):
to you once again from the road, this time from the good city of Toronto, where I'll be speaking at the RSA eFraud Canada Summit later this week. A single phishing attack led to the infection of up to 10% of global cloud environments. You heard that right. Last week we got a stark reminder of just how fragile our software supply

(00:47):
chain can be with the latest in what researchers are calling the largest supply chain compromise in NPM. With a single account compromise, attackers slipped malicious code into packages downloaded billions of times a week. This incident started when popular NPM maintainer Josh Junon, known as Qix, fell for a phishing

(01:11):
lure that reset his credentials. Attackers pushed malicious updates using those credentials to widely used packages, including chalk and debug. Together those libraries see 2.6 billion downloads every week. The injected code tried to steal cryptocurrency, according to cybersecurity firm Wiz.

(01:32):
During the two hours the malicious versions were online, they reached 10% of cloud environments. That shows just how fast malicious code can ripple across our modern ecosystems. The open source community acted quickly, removed the packages within hours, and while organizations face cleanup and audit work,

(01:53):
fortunately, the damage appears limited. The same phishing campaign also hit DuckDB's maintainer. The attackers' total haul from these recent attacks: about a thousand dollars. The damage to companies likely in the tens of thousands, if not hundreds of thousands, of dollars in response and cleanup costs.

(02:14):
What they could have done if they hadn't just been small-time crypto thieves? As the old MasterCard ad used to say, priceless. This time the impact was small, but the lesson here is big. Once a trusted maintainer is breached, malicious code can spread at lightning speed across the web.

(02:35):
This constant drumbeat of recent software supply chain attacks feels like we're heading for a catastrophic moment, and no one seems to have the solution on how to stop that from happening. And the tools to make that moment happen are getting even more powerful. Researchers have uncovered a new phishing-as-a-service platform

(02:57):
with some dangerous new tricks. It's called Void Proxy, and it targets Microsoft 365, Google accounts, and even Okta single sign-on users. Okta's Threat Intelligence team describes it as scalable, evasive, and sophisticated. At its core, Void Proxy uses adversary-in-the-middle tactics to steal

(03:18):
credentials, things like MFA codes, and even session cookies in real time. Here's how it works. Phishing emails come from already compromised accounts at providers like Constant Contact or ActiveCampaign. The emails contain shortened links that bounce through multiple redirects before landing on the real phishing site.

(03:38):
Those sites sit on cheap domains like .icu, .sbs, and .xyz, all shielded by Cloudflare. Victims first see a Cloudflare CAPTCHA, which asks them to confirm they're human, and then selected targets get fake Microsoft or Google logins.

(03:59):
This move blocks automated scans used by email filters and other security tools. Users will enter their credentials, and Void Proxy silently proxies them to the real servers, capturing everything along the way. The most dangerous part: session cookies. Once issued by Microsoft or Google, Void Proxy intercepts them

(04:20):
and hands a copy straight to attackers. That gives them full access, no password or MFA needed again, until the tokens expire. Okta says users with its FastPass service were protected and even warned about the attacks in real time. The lesson here is clear. MFA isn't always good enough, and certainly not on its own against a

(04:43):
sophisticated, determined attacker. This discovery underscores an important trend. Phishing as a service is lowering the barrier for advanced attacks. Defending against them requires a robust defense-in-depth approach with people, process, culture, and technology. Never rely on any vendor's claim that any one approach or technology is

(05:08):
phishing-proof or phishing-resistant. It takes multiple layers to be resilient against this threat. Speaking of people, it's important to always remember that cyber attacks don't just take a toll on technology. There's always a human cost too. And our next two stories bring that price into clearer focus.

(05:31):
One of the UK's biggest automakers is still reeling from a cyber attack, and the impact is rippling across its supply chain. Jaguar Land Rover has been offline since September 1st, shutting down production in the UK. Losses are already at over 50 million pounds, with daily costs running

(05:51):
as high now as 10 million pounds. But experts warn the real danger of this attack and its disruption is to Jaguar Land Rover's suppliers. Many are small and medium-sized firms that rely heavily on JLR. The supply chain supports a quarter of a million jobs. Some companies are already laying off staff while others

(06:15):
are sending workers home. If the outage continues, some suppliers could go bust. Unions and lawmakers are urging the government to consider emergency employee supports. Jaguar Land Rover says it shut down systems deliberately to protect them, but restarting has not been simple. Some of its data may also have been accessed, and the UK's National

(06:38):
Cyber Security Centre is now involved. This incident shows a hard truth. When a company at the top of the supply chain is hit, the shockwaves can put thousands of jobs at risk. Protecting critical manufacturers means protecting entire ecosystems full of small and mid-sized businesses.

(06:59):
And finally, a leadership change at Marks and Spencer just months after its massive cyber attack. The retailer's Chief Digital and Technology Officer, Rachel Higham, is stepping down. She joined Marks and Spencer last year after senior roles at BT and WPP. An internal memo praised her as "a steady hand at an extraordinary time," end quote.

(07:24):
That extraordinary time, of course, was the April attack by Scattered Spider, which halted online operations and cost over 300 million pounds in damages. Marks and Spencer has confirmed her departure but hasn't said if the role will be filled. What is clear is the strain that cyber attacks place on

(07:44):
IT leaders and their teams. When operations stop and losses mount, executives shoulder tremendous responsibilities, and cyber incidents don't just cost money. They can shape careers, test leadership, and they can be tremendously traumatic to IT and response teams.

(08:04):
Those are your updates for Monday, September 15th. As always, stay skeptical, stay patched, and remember, take care of your people before and after a cyber incident. We're always interested in your opinion, and you can contact us at editorial@technewsday.ca or leave a comment under the YouTube video. Please help us spread the word about the show: like, subscribe, or leave a review.

(08:28):
And if you enjoy the show, please tell others. We'd love to grow our audience and we need your help. I've been your host, David Shipley. Jim Love will be back on Wednesday.
© 2025 iHeartMedia, Inc.