Logic Bomb attack targeting eCommerce supply chain

A good example of a logic bomb attack, 6 years in the making, we haven't seen many of these attacks for a number of years now. For you folk thinking "what the heck is a logic bomb attack?" It's a cyber attack where a threat actor compromises a system or service and a backdoor or code implant is placed that activates at a particular point or when an action takes place, for example an internal threat actor working in payroll might set up a logic bomb so that after they have left the company, malware might deploy or a payment might be made to an account of their choosing.

https://www.bleepingcomputer.com/news/security/magento-supply-chain-attack-compromises-hundreds-of-e-stores/

In this case it targeted the e-commerce supply chain and sat in wait for 6 years before activating. Most organisations in the supply chain (let alone the organisations directly) had not even considered the possibility that their product might be contaminated as a means of distributing malicious content, which is why it's imperative that organisations ensure that they are handling supply chain risk and performing vetting of both the chain and the products they intend on adopting.

#cyberattacks #supplychainattacks #logicbomb #malware #danweis #hackproofyourself #boardroomcyber