Cyber Intrusions Using Open-Source Software Foiled By Top Security Company


Arctic Wolf, a leading cybersecurity company, recently thwarted a series of cyber intrusions that utilized an unconventional method to breach systems. Starting in early July, Arctic Wolf detected and responded to multiple attacks involving the SocGholish/FakeUpdate malware, which used open-source software to further its objectives.
The attackers exploited software from the Berkeley Open Infrastructure for Network Computing (BOINC) project. BOINC is commonly used for scientific research by allowing users to contribute their computing power to solve complex calculations. However, in this case, cybercriminals repurposed BOINC to spread their malware.
How the Attack Unfolded
The intrusion began when victims visited compromised websites and unknowingly downloaded malicious files disguised as legitimate updates. These files, once executed, triggered a series of actions that eventually led to the installation of the BOINC software. The hackers used this software to set up fake projects that appeared legitimate to unsuspecting users.
Arctic Wolf’s Managed Detection and Response (MDR) team acted quickly, interrupting the attacks before they could fully execute their plans. This rapid response limited the damage and prevented the attackers from achieving their objectives.
Collaboration and Insights
On July 17, Huntress, another cybersecurity firm, published a blog detailing similar findings. By combining insights from both Arctic Wolf and Huntress, organizations can better understand these threats and develop strategies to detect and prevent similar attacks in the future.
What Organizations Should Know
The attackers used BOINC, legitimate and widely respected open-source software, to disguise their malicious activities. This tactic highlights how cybercriminals can exploit even trusted tools to carry out their attacks.
Arctic Wolf identified that the hackers registered new domains to host their malicious scripts, using sophisticated techniques to avoid detection. Despite these efforts, Arctic Wolf’s proactive measures ensured the intrusions were contained.
Key Takeaways For Organizations
Awareness: Be cautious when downloading software or updates, even from seemingly legitimate sources. Always verify the authenticity of the source.
Security Measures: Companies should use advanced security systems to monitor and detect unusual activities, as demonstrated by Arctic Wolf’s effective response.
Open-Source Risks: The incident underscores the potential risks associated with open-source software. While beneficial, such software can be exploited if not properly secured and monitored.
