Posted on May 13, 2019 at 4:08 PM
4600 Sites Collecting User Data In Ongoing Attack
Alpaca Forms, on the other hand, is an open-source project that allows users to build forms. It was initially built by CloudCMS before being open-sourced over eight years ago with the company still providing a free CDN (Content Delivery Network) service for the project they birthed. In the case of Alpaca, the hackers managed to infiltrate the CloudCMS managed CDN to modify one of the alpaca scripts. It seems that only the one script has been tampered with, with the company saying that nothing else was touched.
Form input data all logged by hackers
This means that the hackers have access to a wide array of passwords, usernames and credit card details from the two hacks that have resulted in thousands of websites being hacked. The potential data gathered could reach up to millions of users around the world.
Supply-Chain attacks on the increase
The last two years have seen a noticeable increase in supply-chain attacks, though hackers have realized that the larger companies are not easy targets anymore. That said, there are still exceptions such as the Asus supply-chain slip up that saw its pre-installed updater packed with malicious code that allowed hackers to install whatever payload they deemed necessary.
Hackers have slowly started to focus their attacks on smaller companies that provide scripts and other secondary code to the online equivalent of mom & pop stores. These would be chat widgets, live support scripts, and analytics among other things. Picreel is an example fo the analytics, while Alpaca Forms would be an example of forms being infected. The motivations behind an attack are usually straightforward, as they are mainly financially motivated, though more targetted attacks have been known to install crypto jacking scripts or only stealing data from payment forms.
This attack, on the other hand, was very broad and focused on getting as much information as possible with every single form on the infected websites sending their data to the Panama server. The threat actor behind this latest supply-chain breach has not been identified as of yet, so the exact nature of the attack is still an unknown for the time being.