1 min read

Cyber twins investigate how threat actors hurt skilled software developers and why is it essential for software vendors to be trusted by their users

In 2017, news from CCleaner and NetSarang supply chain attacks made global headlines. This caught the attention of cybersecurity twins, Noushin Shabab and Negar Shabab to dive deeper and uncover details around the compromised software development environment.
Negar who works as a security consultant specializing in implementing security in the entire life cycle of software says, “It is essential for software vendors to be trusted by their users. However, despite their skill set, software developers still don’t practice basic cybersecurity hygiene which impacts their software products. This may result to thousands of innocent victims.”

The younger twin Noushin who is a Senior Security Researcher for Kaspersky ANZ, did a further investigation in two well-known supply chain attacks–ShadowPad targeting server management software and ShadowHammer infecting the gaming industry. Both cases displayed compromised linker modules inside the software development environments deployed by attackers. The final payloads towards end user victims were also hidden on the developers systems in one of these two forms; a separate source code file or a malicious software library. With the help of the trojanised linker, malicious code was instantly linked with the original source code and this resulted in trojanised software programs impacting large number of user victims.
Noushin says, “Investigating and protecting against supply chain attacks is of utmost importance to us, security researchers. Failure in trust and integrity towards supply chains will ruin the reputation of well-respected and reputable software development companies.”

Here are 4 things programmers can do to protect their software development environment?
1.Patch and update your software development environment in organized cycles
2. Regularly check the integrity of the software development environment
3.Examine your software modules after compilation and ensure nothing unwanted is added
4.Install Kaspersky Endpoint For Business (KESB) to protect your businesses sensitive data safe