Supply chain attacks are a sly way of targeting an organization indirectly — by compromising the software or hardware of a trusted vendor in the organization’s supply chain. No company or government establishment is safe if they are using third-party services. So read on to find out more about these attacks and how to prevent them.
A supply chain attack is a cyberattack that targets organizations by hitting the weaker links in their supply chain — third-party vendors or suppliers that provide software, hardware, or services. By infecting a supplier’s software or hardware, hackers gain unauthorized access to the supply chain and distribute malware throughout the network, which causes severe data breaches. Supply chain attacks can be difficult to detect and mitigate because the compromised components may have already been widely distributed throughout the chain by the time the attack is discovered.
A supply chain is a system of individuals, organizations, resources, and processes involved in the production, distribution, and sale of products. It includes all the steps involved in getting the product or service to the end user: transportation of materials from supplier to manufacturer, production, and delivery of the final product to retail centers and customers. And any link in this chain can be hit by a supply chain attack. But how exactly do these attacks work?
Supply chain attacks are committed in different ways, depending on the attacker’s objectives and the vulnerabilities they exploit. This is how cybercriminals carry out supply chain attacks:
Supply chain attacks pose a huge risk to all entities that share data with their vendor network and use third-party software products and services. If cybercriminals manage to compromise a link in the supply chain, the effects of the breach reverberate throughout the whole network, affecting everyone involved, including end users. These attacks are attractive to hackers for three main reasons:
Any company in the manufacturing, retail, or financial sector and even government agencies can suffer a supply chain attack if they work with third-party vendors that lack top-notch cybersecurity measures.
Major supply chain attacks have occurred in recent years, with SITA, SolarWinds, and Passwordstate being prime examples.
In March 2021, it came to light that the air transport data giant SITA was hit by a severe international supply chain attack that breached its US-based servers. This is alarming because SITA is a vendor for over 400 airlines, and its Passenger Service System stores sensitive customer information, including names, addresses, passport data, and contact information.
An investigation revealed that cybercriminals compromised SITA’s frequent flier programs and stole the personal data of over 4.5 million passengers who had registered with the main Indian airline, Air India, over the past decade. Following the breach, passengers were urged to change their passwords. Several other airlines using SITA’s services were also notified about the breach because they might have been affected as well.
In 2020, SolarWinds, a Texas-based company providing network management software, was hacked by a group known as APT29 or Cozy Bear, which is believed to be sponsored by the Russian government.
The hacking group accessed SolarWinds’ production environment and established a backdoor to its infrastructure monitoring and management tool, the Orion Platform. Hackers inserted malicious code into a software update that was then distributed to SolarWinds’ customers. All customers, including several US federal government agencies and thousands of private companies, who ran the malicious code suffered data breaches and other security incidents.
The SolarWinds attack, believed to have started as early as 2019, was highly sophisticated and well-coordinated. The attackers applied a variety of techniques, like disguising their activities as legitimate traffic, using encryption to hide their communications, and deleting log files to cover their tracks. This is potentially one of the most significant cyberattacks in history, with serious consequences for national security and the global economy.
In April 2021, the Passwordstate password management app by the Australian company Click Studios suffered a significant supply chain attack when hackers compromised its updating functionality by inserting malicious code. The password management solution is used by thousands of companies worldwide.
According to Passwordstate, malicious actors compromised the upgrade directory and installed a dynamic link library (DLL) into an update that allowed them to harvest information, including usernames and passwords, from the users who performed the upgrade of the software until the breach was discovered two days later.
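A defensive check that would flag the kind of tampering described in the Passwordstate incident, shown as an added example (not code from Click Studios or from the original article): it compares every file in an update archive against a manifest of expected SHA-256 digests. The file names, contents and manifest are constructed, and the manifest is assumed to come from a channel separate from the upgrade directory, since a manifest stored beside the update could be altered along with it.

```python
import hashlib
import io
import zipfile


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def audit_update(archive_bytes: bytes, manifest: dict) -> dict:
    """Compare each file in a ZIP update with a trusted {path: sha256} manifest."""
    findings = {"unexpected": [], "modified": [], "missing": []}
    seen = set()
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            seen.add(name)
            if name not in manifest:
                # File the vendor never shipped, e.g. an extra DLL.
                findings["unexpected"].append(name)
            elif sha256_hex(zf.read(info)) != manifest[name]:
                # Known file whose contents differ from the release build.
                findings["modified"].append(name)
    findings["missing"] = list(set(manifest) - seen)
    return {kind: sorted(paths) for kind, paths in findings.items()}


def build_zip(files: dict) -> bytes:
    """Helper that packs constructed sample files into an in-memory ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample data: hypothetical file names and contents.
RELEASE = {"app/service.exe": b"service build 1", "app/core.dll": b"core build 1"}
MANIFEST = {name: sha256_hex(data) for name, data in RELEASE.items()}
GOOD_UPDATE = build_zip(RELEASE)
TAMPERED_UPDATE = build_zip({
    **RELEASE,
    "app/core.dll": b"core build 1 plus injected code",
    "app/helper.dll": b"library that is not part of the release",
})

if __name__ == "__main__":
    print(audit_update(GOOD_UPDATE, MANIFEST))
    print(audit_update(TAMPERED_UPDATE, MANIFEST))
```

An update should be installed only when all three lists come back empty; any entry is a reason to stop and contact the vendor.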
You can take several steps to detect and reduce the security risks associated with your supply chains:
By taking these steps, you can significantly reduce the risk of supply chain attacks.
Protecting against supply chain attacks requires a comprehensive and proactive security strategy that includes the following measures:
To minimize the risks of working with software vendors and suppliers, organizations should:
By adopting these measures, organizations can reduce the likelihood and impact of supply chain attacks and improve their overall cybersecurity.