Supply chain attacks are commonly overlooked cyberattacks, but they can cause disastrous damage given enough time. Supply chain attacks target vendors and suppliers instead of directly targeting a specific business, making them harder to detect and prevent if your vendors aren’t maintaining strict cybersecurity policies and using the best tools.
In this guide, we’ll look more closely at what a supply chain attack is, how to detect it, and how to prevent your business from becoming the next victim of a supply chain cyberattack.
Supply chain attacks are frightening because of how hard they can be to detect. Here’s how they work:
The number of victims can be quite significant, especially when popular apps are targeted. For example, one case saw a free file compression app poisoned and deployed to customers in a country where it was the top utility app.
There are many notable examples of incidents at all points in the ICT lifecycle. Here are a few that took place in recent times:
Hijacked Cellular Devices 2016 – A foreign company designed software used by a U.S. cell phone manufacturer. The phones made encrypted records of text and call histories, phone details, and contact information and transmitted that data to a foreign server every 72 hours.
SolarWinds 2020 – An IT management company was infiltrated by a foreign threat actor who maintained persistence in its network for months. The threat actor left the network only after it had compromised the company’s build servers and used its update process to infiltrate customer networks.
End-User Device Malware 2012 – Researchers from a major U.S. software company investigating counterfeit software found malware preinstalled on 20 percent of devices they tested. The malware was installed in new desktop and laptop computers after they were shipped from a factory to a distributor, transporter, or reseller.
Kaspersky Antivirus 2017 – An overseas-based antivirus vendor was being used by a foreign intelligence service for spying. U.S. government customers were directed to remove the vendor’s products from networks and disallowed from acquiring future products from that vendor.
Backdoors Embedded in Routine Maintenance Updates 2020 – Thousands of public and private networks were infiltrated when a threat actor used a routine update to deliver a malicious backdoor.
Sensitive Data Spillage 2019 – A researcher bought old computers, flash drives, phones and hard drives, and found only two properly wiped devices out of 85 examined. Also found were hundreds of instances of personally identifiable information (PII) spillage, including Social Security numbers, passport numbers, and credit card numbers.
If you’d like to learn more about how the ICT Supply Chain Lifecycle can be compromised, see this factsheet.
Types of supply chain attacks include:
Your CTO or IT teams can protect against supply chain attacks by:
Software vendors and developers can protect against attacks by:
Map your system, especially your most critical relationships, and use a third-party tracker to find the weakest links in your supply chain.
Scrutinise your software vendors against the performance standards you expect. Software and applications that your company uses should undergo the same level of scrutiny and testing that your network devices and users do. After a fuller accounting of your third-party and supply chain risks, identify ways to simplify your business relationships and supply chain. Should you pare down? Combine?
As a provider of CREST-approved penetration testing as well as vulnerability assessment, social engineering and red teaming services, Redscan’s ethical hacking team has extensive experience of assessing organisations’ technology, personnel and processes against the latest attack techniques and helping organisations to address them.
Detecting a supply chain attack quickly is the key to ensuring the damage isn’t irreversible. Firewalls and antivirus software are not enough to protect you against the latest threats. Our certified security professionals employ cutting-edge threat intelligence to hunt for malware and other cyber threats and help quickly shut them down.
Your users are your last line of defense. Educate them about the latest email threats, and ensure they understand their fraudulent nature and know how to report them to your security teams. Barracuda security awareness training and phishing simulation provides all necessary tools to train your users to recognize and report phishing emails, which will prevent email fraud and data loss.
If threat actors take control of your data, there’s no need to pay a ransom or go through a difficult and tedious recovery process — if you have a strong, modern, easy-to-use backup solution. We offer superior backup solutions — on-premises or in the cloud — that make it simple and fast to restore an up-to-date copy of any file, whether you’re restoring an entire server or specifically selecting files to restore.