Learn about an example of a supply chain attack in which legitimate websites were breached through a website builder used by creative and digital agencies.
Cybercriminals also use supply chains as a means of reaching the widest audience with malware. Identifying and compromising a strategically important element is an efficient use of resources and can lead to large numbers of infections.
The Shylock banking Trojan is a good example. In July 2014, a joint operation by law enforcement agencies and the cybersecurity community, focused on e-banking in the UK, Italy and the US, reduced the threat of the group behind the virus.
The Shylock attackers compromised legitimate websites through website builders used by creative and digital agencies. They used a redirect script that sent victims to a malicious domain owned by the author of Shylock. From there, the Shylock malware was downloaded and installed on the systems of users browsing the legitimate websites.
The economics of the effort made this a very successful endeavor. By integrating a number of different features employed by other malware, Shylock was able to perform customizable “man-in-the-browser” attacks, avoid detection and protect itself from analysis.
Rather than compromising multiple legitimate websites individually, the attack targeted the core script of a website template designed by a UK-based creative digital agency.
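
A defensive check for the scenario described above, as an added example that is not part of the original article: it pins a Subresource Integrity style SHA-384 hash of a shared template script, then reports whether the served copy has changed and which hosts it references outside an allow-list. The script contents, host names and allow-list are constructed for illustration.

```python
import base64
import hashlib
import re

# Constructed sample: the shared template script as originally published.
BASELINE_JS = b'function initMenu(){document.body.className+=" ready";}\n'
# Constructed sample: the same file after an extra redirect line was appended.
TAMPERED_JS = BASELINE_JS + b'window.location="https://redirect.example.net/landing";\n'

# Hypothetical allow-list of hosts the template is expected to reference.
ALLOWED_HOSTS = {"cdn.agency.example"}

# Matches the host part of absolute http(s) URLs embedded in the script.
URL_HOST = re.compile(rb"https?://([A-Za-z0-9.-]+)")


def sri_sha384(content: bytes) -> str:
    """Return the SRI-format digest ("sha384-<base64>") of a script body."""
    digest = hashlib.sha384(content).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


def audit_script(content: bytes, pinned_sri: str, allowed_hosts: set) -> dict:
    """Compare a served script with its pinned hash and list unexpected hosts."""
    hosts = {h.decode("ascii").lower() for h in URL_HOST.findall(content)}
    return {
        "modified": sri_sha384(content) != pinned_sri,
        "unexpected_hosts": sorted(hosts - allowed_hosts),
    }


# The pin is taken once, from a copy of the script that has been reviewed.
PINNED = sri_sha384(BASELINE_JS)

if __name__ == "__main__":
    for name, body in (("baseline", BASELINE_JS), ("tampered", TAMPERED_JS)):
        print(name, audit_script(body, PINNED, ALLOWED_HOSTS))
```

Because every site built on the template loads the same core script, one pinned hash checked on a schedule covers all of them, and the same `sha384-...` value can be placed in a `<script integrity="...">` attribute so browsers refuse a modified copy.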