Press "Enter" to skip to content

PHP hacked, CompuCom’s payback.. and a hacker pays back

Today also appears to be security day, so let’s hit three more.

In another supply chain style attack, the official PHP Git repository was hacked on Sunday, and the code base was tampered with.    The malicious code commits happened under the guise of two known PHP developers, planning t backdoor for remote code execution.    The changes were rather obvious, and reverted right away.     As a response, the maintainers are migrating the official source code to GitHub, and two-factor authentication is required.    

CompuCom, the wholly owned subsidiary MSP of Office Depot and Office Max, is expecting their ransomware attack to cost over $20 million.     The company does expect that a share of the expenses will be covered by cyber insurance.  

Finally, the administrators of the Ziggy ransomware, who have recently shutdown… are giving the money back.         They also published all decryption keys.   Of note… even in giving back the bitcoin, the hackers still made profit due to the price of bitcoin.     Bleeping Computer reports that the admins lived “in a third world country” and their motivations were financial – and their recent actions are driven by fear of law enforcement.  

Why do we care?

It’s all about the motivations.     There’s three to talk about.

First, supply chain attacks are a trend.   SolarWinds wasn’t the first nor will be the last, and here’s another example.    I’d be thinking a lot about that in my own organization of any size.

Second, it’s not the hack of CompuCom that interests me, it’s the insurance payout.    As those get bigger, we’re going to see that pressure from insurance agencies to step up controls to limit payouts.   This is no small payout.

Finally, the hacker motivation.   Hackers, desperate to make some money, find a way to leverage technology to do it.  In this case, they don’t even have to operate long, can take advantage of bitcoin to make money AND give it back.  And they do it short term to avoid law enforcement.   There’s a lot to unpack there.    Understanding our opposition is key to defending.    But you can see here how it’s not likely to slow down or stop.