ErikCamacho
Newcomer I

Malware dormant for 6 years (how does this happen?)

This morning I read an article posted by TLDR reporting that hundreds of e-commerce sites were hacked in a supply-chain attack...

 

"The infections are the result of a supply-chain attack that compromised at least three software providers with malware that remained dormant for six years and became active only in the last few weeks."

 

How does this happen? 😱

 

Source:

Hundreds of e-commerce sites hacked in supply-chain attack 

3 Replies
Steve-Wilme
Advocate II

And this is why PCI DSS v4.0.1 has an additional control 11.6.1 for merchants to implement mechanisms to detect tampering to scripts that execute within customer browsers.  

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
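
One way to implement the kind of script tamper detection mentioned in the reply above, as an added example that is not part of the original thread or of the PCI guidance: hash every script a payment page loads and compare against an approved baseline. The names `ScriptCollector`, `fingerprint` and `tamper_alerts`, the URLs, and the sample pages are all hypothetical and constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser

class ScriptCollector(HTMLParser):
    """Records every <script> on a page, keyed by src URL or inline#N."""
    def __init__(self):
        super().__init__()
        self.scripts, self._current, self._inline = {}, None, 0
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src is None:                  # inline script: key by position
                self._inline += 1
                src = f"inline#{self._inline}"
            self._current = src
            self.scripts[src] = ""
    def handle_data(self, data):
        if self._current is not None:        # text inside the open <script>
            self.scripts[self._current] += data
    def handle_endtag(self, tag):
        if tag == "script":
            self._current = None

def fingerprint(page_html, fetched_bodies):
    """Map each script on the page to the SHA-256 of its content."""
    collector = ScriptCollector()
    collector.feed(page_html)
    hashes = {}
    for key, inline_body in collector.scripts.items():
        # Assumption: external bodies were fetched separately; a missing one hashes as empty.
        body = inline_body if key.startswith("inline#") else fetched_bodies.get(key, "")
        hashes[key] = hashlib.sha256(body.encode()).hexdigest()
    return hashes

def tamper_alerts(baseline, observed):
    alerts = []
    for key in sorted(set(baseline) | set(observed)):
        if key not in baseline:
            alerts.append(f"ADDED {key}")    # script not in the approved inventory
        elif key not in observed:
            alerts.append(f"REMOVED {key}")
        elif baseline[key] != observed[key]:
            alerts.append(f"CHANGED {key}")  # same script, different content
    return alerts

# Constructed sample data: the approved checkout page and a later fetch of it.
APPROVED_PAGE = '<script src="/js/checkout.js"></script><script>initCart();</script>'
LATER_PAGE = APPROVED_PAGE + '<script src="https://cdn.example.invalid/t.js"></script>'
APPROVED_JS = {"/js/checkout.js": "submitPayment();"}
LATER_JS = {"/js/checkout.js": "submitPayment();extra();", "https://cdn.example.invalid/t.js": "x()"}
print(tamper_alerts(fingerprint(APPROVED_PAGE, APPROVED_JS), fingerprint(LATER_PAGE, LATER_JS)))
```

A check like this only sees what it fetches, so it needs to run on a schedule against the page as a customer's browser would receive it.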
ErikCamacho
Newcomer I

Yikes, it sounds like they were either concerned about processing the payments without concern for consumers, or some folks were sleeping on the job.

 

This is not my background, but a solution is spelled out.

 

Guidance-for-PCI-DSS-Requirements-6_4_3-and-11_6_1-r1.pdf 

dcontesti
Community Champion

Unfortunately, malware being dormant is not new to the industry.  We have seen malware lie dormant waiting for a specific date or time, or even only being active on specific platforms.

 

There is a lot of intelligence built into some malware.