Supply chain cyber-attacks seek to infiltrate and damage an organisation by attacking vulnerabilities in the supply chain. Supply chains consist of all assets which assist organisations. This can include software providers, web developers, business partners, defence systems, etc.
Due to the wide range of factors within them, supply chains have increasingly become the target of cybercriminals and hackers. Some recent reports suggest that up to 50% of all cyber-attacks now target the supply chain. A supply chain cyber-attack can take place in any sector: financial, government, the oil and gas industry, etc.
But what has led to this rise in supply chain attacks?
With an increase in the number and severity of data breaches at many global brands in recent years, including Adobe, Canva, LinkedIn, Microsoft, and many government departments, these institutions have introduced stringent security measures to protect themselves directly.
Due to this, hackers and cybercriminals have had to seek new ways to gain access. Unfortunately, the supply chain is often the weak link in your security chain and has therefore become the focus of these attacks.
There are quite a few ways that cybercriminals and hackers can breach your or your supplier’s systems through supply chain attacks. We are going to examine some of the common methods used to breach supply chains and how this can ultimately lead to lateral attacks across many networks.
1. Poor Cyber Hygiene
Companies that have shifted towards online platforms often suffer from poor cyber hygiene. This includes the use of weak passwords and a lack of security protocols and backup plans.
A report by SecureAuth suggests that up to 53% of people use the same password across multiple platforms.
Sophisticated phishing attacks have also been used in the past to compromise Facebook and PayPal accounts. Once this data is out in the open, it becomes possible for cybercriminals to access more sensitive accounts and databases, allowing for a much broader supply chain attack.
Lack of training, processes and security culture are some of the key factors which result in successful attacks of this kind.
2. Subcontractor vulnerabilities
Weakly written software leads to application vulnerabilities, and further attacks become easy for cybercriminals. The rise in application vulnerabilities has been caused by companies outsourcing their work to cheaper organisations.
Companies don't realise that they are ultimately compromising important information in their supply chain network to save time and money. To avoid this, make sure that you outsource to companies that follow the same strict security guidelines as your company.
Many companies rely on the trust of their subcontractors, but should those subcontractors outsource further, the risks become greater. The further down the supply chain a company goes, the more vulnerable it is to weakly written code and software applications.
3. Malware
Malware is malicious software or code. In a supply chain attack, it is inserted into legitimate updates and apps that are then released as secure applications. This software can be spyware, ransomware, command and control, and others.
Malware supply chain attacks are particularly troublesome due to the large number of potential victims. One of the most recent examples is the SolarWinds attack, which came to light in late 2020.
It is often quite difficult to detect malware supply chain attacks as the malware is deeply hidden within legitimate apps and updates. These lateral attacks can be extremely costly to businesses and institutions that lose valuable personal and financial data.
4. Insider threats or User Error
Insider attacks are rare, but not unheard of. It is difficult to know when or why such attacks occur within a supply chain, as this depends entirely on the individual who initiated the attack.
Financial gain or government initiatives are usually the most common reasons for such events to occur.
For government institutions, it’s important to conduct strict background checks on employees and their motivations. Tracking employee online movements will help to determine if certain malicious attacks have been initiated internally.
User error can be as simple as clicking on the wrong link within an email, initiating a phishing or other such cyber-attack. Training and guidance on how to respond to such risks are hugely important for company security.
5. Missing encryption
Through encryption, companies aim to secure their data as it moves from one network to another. Mutual trust exists between suppliers, institutions, and their end-users. Poor encryption software and the use of open-source software have led to a huge network of potential threat areas that hackers and cybercriminals can use.
To avoid this, strong end-to-end encryption is needed so that information is not leaked.
How to protect yourself from Supply Chain Attacks:
As we have seen, the access points used by cybercriminals and hackers to gain entry into a supply chain vary greatly.
Sophisticated and far-reaching lateral attacks are of huge concern to security experts, as a single point of access can be replicated countless times across the supply chain.
It is difficult to monitor all aspects of your supply chain, especially for larger corporations and institutions. However, there are several best practices that your institution can follow to help prevent such attacks from occurring.
Vet third-party suppliers - If you are using third-party suppliers, vet their systems and the subcontractors that they may employ. It’s important to restrict access until you are happy with their security protocols and that their guidelines are in line with yours regarding security and access.
Conduct regular security and information audits - Attackers typically want data from your institution. By knowing where and how it is stored, you can better protect your data.
Security validation audits such as Celerity’s Cyber Threat Insight Service allow companies to know and understand where potential vulnerabilities are within their system on an ongoing basis. By conducting real-world simulated cyber-attacks across your system, gaps in your security can be identified and remediated before cybercriminals can exploit them.
Employee training and threat analysis - One of the simplest and most proactive methods for supply chain threat analysis is training and education of employees. If employees notice suspicious activity and know how to respond to it, it is possible to contain potential attacks before they go any further. Professional and regular insights are a great method to reduce cyber threats within your company.
Early Threat Detection - Detecting a potential threat is critical to reducing the time to remediate and the amount of damage a hacker or malicious insider could cause in your systems. Implementing a SIEM solution provides full visibility of your network’s traffic and can flag any abnormal activity or potential threats for immediate action. Better yet, a Managed SIEM can offload the resources and skills needed to manage this solution, allowing your IT team to focus on core objectives.
As organisations continue to strengthen and improve their cybersecurity, hackers and criminals will look for backdoor access through the supply chain network. These attacks are likely to continue to rise, so institutions need to take a proactive approach to mitigate these risks.