Some organisations lack the necessary tools, resources, or expertise to tackle the increasing day-to-day threats from cybercriminals, whilst continuing to focus on their strategic priorities. Others may simply fail to carry out check-ups because they trust their software providers to do this, or do not maintain regular patching regimes. Unfortunately, it is these vulnerabilities that bad actors will always look to exploit.
Hackers take advantage of any opportunity to infiltrate an organisation’s network and access its most critical assets, exploiting the confidential information they hold.
Security assurance given by vendors does not necessarily protect you from a data breach. Hackers are on the lookout for organisations that show the slightest neglect of their systems or processes. So, the big question to ask is what would happen if you were the next victim?
Supply Chain Attack Definition
Supply chain attacks seek to infiltrate your systems through a connected external partner or supplier. Rather than directly attacking a specific company, the attacker targets less well-secured connected systems, looking to enter through the side door!
This form of attack uses techniques whereby a hacker, or government entity, slips code or another malicious component into a company’s software or hardware. These kinds of attacks use backdoor channels of legitimate software and hardware to gain access to an organisation’s information without authorisation.
These types of attacks on weaker systems are easier for criminals and are less noticeable once inside the chain, compared to directly hacking into an organisation’s own network. Hackers are looking to gain access to information by using source code, build processes, or update mechanisms, and infecting these legitimate software/platforms with malware.
Some attacks indiscriminately target any organisation that uses the affected software, for monetary gain, and because of the methods used in supply chain attacks the number of victims can be huge. Others will intentionally target a specific organisation further along the supply chain from the initial entry point.
How Does It Work?
Hackers look for unsecured networks, unprotected servers, or unsafe coding techniques in an organisation’s supply chain. This includes:
- Vendors with unsafe security protocols
- Phishing scams that collect user data and access information
- Third-party service providers who have been corrupted already
These are just some of the ways that cyber-criminals gain access to your supply chain. Many use up-to-date hacking techniques and known vulnerabilities that haven't been patched, looking further down the supply chain for weaker, less secure networks.
Maintaining thorough security process reviews can help to mitigate risks associated with supply chains.
Vendors who do not follow best practices and security protocols are less likely to notice any code infections in their systems before releasing them into circulation. The number of potential victims is countless, especially with open-source software and wide-reaching service providers, such as SolarWinds. Hackers then monetise the campaign by demanding ransoms from their victims, or steal the data, for example in the case of nation-states looking to further their geo-political ambitions.
Types of Supply Chain Attacks
Supply chain attacks involve continuous hacking and infiltration into a firm’s software or hardware through different methods, including:
- Preinstalling malware on hard disks or a device
- Compromising software build tools or update infrastructure
- Using unauthorised or stolen code-signing certificates for software, or falsifying identity and authority to get into the system
- Compromising specialised code to get into the hardware
Once access is gained to a connected system, some of the attack types can include:
1. Malware
A malware attack occurs when malicious software such as spyware executes unauthorised actions in an organisation’s network. This software allows hackers into the system and its contents. They can then access data, restrict file access, or disable the software’s operations.
2. Phishing
Phishing attacks make up more than three-quarters of cyber security issues. Phishing is a social-engineering strategy where the hacker sends a malicious message to trick people into revealing their sensitive information. The hacker wants access to login credentials and personal data.
3. Man in The Middle (MiTM)
This attack circumvents mutual authentication. MiTM is essentially eavesdropping. When a compromised user communicates, the hacker intercepts the message without the victim knowing it. Hackers then use this information for extortion or blackmail. The hacker can do this using software or by being in close physical proximity to the victim.
4. Distributed Denial of Service (DDoS)
Unlike all the other methods used in cyber-hacking, this one doesn’t breach the security perimeter but rather works to deny services and access to a system. It involves using multiple online connected devices collectively known as botnets. The botnets work to overwhelm a specific website using fake traffic, resulting in the website’s unavailability to legitimate users. They are also used to cover up malicious activities running in the background.
5. SQL Injection Attacks
Attacker-supplied SQL is injected into an application through its inputs. These injected commands alter the execution of the application's predefined SQL commands. Attackers can then spoof identity, tamper with existing data, and cause repudiation issues.
6. Cross-site Scripting (XSS)
A hacker can manipulate a vulnerable website so that it sends unauthorised scripts to the victims. The invader can then pull off advanced attacks.
Most of the above-mentioned attacks and techniques have been in use for years. So how are they of use to third party actors? By corrupting vendors, they have access to a far wider net of victims. Backdoor entry can be gained into dozens, if not hundreds of potential victims, due to lateral movement.
Examples of Supply Chain Attacks
Supply chain attacks have been among the most common cyber-attacks globally in recent years. Some examples include:
- Kaseya, a Dublin-headquartered software company, has been a victim of a supply chain attack. The company is a software provider to small and medium-sized businesses worldwide. Its main task is to control what happens within the network solutions that they provide to their clients.
- In early 2021, SITA, an airline IT supplier, was targeted. Frequent Flyer information was compromised across connected airlines and further outside the network to partner airlines who did not use SITA.
- Ukraine’s cyberinfrastructure was attacked by malware coined NotPetya in 2017. Most fingers point towards Russia.
The techniques and channels used by cyber-criminals vary. But the most common avenues include:
- Third-party software providers. Corrupted updates from software providers can be devastating to numerous links along a supply chain.
- Website builders can fall victim to malicious scripts placed within legitimate websites. This can be incredibly difficult to detect.
- Third-party data stores are generally well protected. But if compromised, a massive amount of valuable data can be encrypted and held for ransom.
There are numerous other threat areas that business owners and institutions must consider, but these are some of the most common methods and examples of recent successful supply chain attacks.
How can Organisations Reduce the Risk of Supply Chain Attacks?
No one can guarantee a way to block potential cyber-attacks entirely. However, an integrated approach to cyber-security can help to minimise the possibility of an attack and the harm that a successful attack can do. The significant challenge for having a foolproof cybersecurity defence is the ever-evolving cyber-attack tactics and threats.
Celerity’s Cyber Threat Insight Service helps to mitigate such issues by routinely examining and testing security networks for vulnerabilities, whilst a Managed SIEM can give organisations full visibility of cyber threats as they occur, leading to quicker remediation.
The basic requirements of all supply chain partners:
- Automated scanning and detection help institutions avoid numerous threats. Simulated attacks highlight vulnerable areas and methods to mitigate attacks.
- Software updates should be treated with more scrutiny by subjecting them to scans and tests before installation.
- Basic training focusing on cyber threats and hygiene can improve safety. Employees with knowledge of basic threats will notice issues more readily.
- Have automated offsite backups in place for your sensitive data.
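One way to apply the "scrutinise software updates before installation" requirement above is a pre-install gate that only releases a file whose name, size and SHA-256 digest match values recorded from a separate channel. This is an added example, not part of the original article; the manifest layout, file names and payloads are constructed for illustration.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large installers need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def gate_update(path, manifest):
    """Return (allowed, reason) for an update checked against pinned digests."""
    path = Path(path)
    entry = manifest.get(path.name)
    if entry is None:
        return False, "not in manifest"      # unexpected file: hold for review
    if path.stat().st_size != entry["size"]:
        return False, "size mismatch"
    if not hmac.compare_digest(sha256_file(path), entry["sha256"]):
        return False, "digest mismatch"      # content differs from what was published
    return True, "ok"


def demo():
    """Run the gate over constructed files: genuine, tampered and unlisted."""
    genuine = b"constructed update payload v1.2.3\n"
    tampered = genuine.replace(b"v1.2.3", b"v1.2.4")   # same name and size
    # Constructed manifest; in practice the digests come from a separate channel.
    manifest = {"agent-1.2.3.pkg": {"size": len(genuine),
                                    "sha256": hashlib.sha256(genuine).hexdigest()}}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        pkg = Path(tmp) / "agent-1.2.3.pkg"
        pkg.write_bytes(genuine)
        results["genuine"] = gate_update(pkg, manifest)
        pkg.write_bytes(tampered)
        results["tampered"] = gate_update(pkg, manifest)
        other = Path(tmp) / "agent-9.9.9.pkg"
        other.write_bytes(genuine)
        results["unlisted"] = gate_update(other, manifest)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

A digest gate catches a file altered between publication and installation; it does not detect malicious code introduced inside the vendor's own build, which is why scans and tests before installation are still needed.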
While it takes considerable time, effort, and finances to acquire and maintain supply chain IT solutions, it is equally important to invest in security.
The cost of regular testing and installing significant security controls and out-tasking a managed threat monitoring solution is massively outweighed by the extensive damage that a successful supply chain attack could do.