Supply chain attacks pass through the IT systems of the targeted company’s service providers, which makes them difficult to detect.
SolarWinds, Kaseya, and NotPetya all have one thing in common: they are supply chain attacks. This type of cyber-aggression is very handy for adversaries, as it is very difficult for the victim companies to detect and block. To understand why, let’s take a look at how they work.
Supply Chain Attack In Cybersecurity
A supply chain attack reaches its victim by a circuitous route: it infects a third party, such as a software service provider, and then goes after its final target. This can be used to mask the attack, to multiply its effect, or to reach a very secure target.
In the case of SolarWinds, the Orion systems management tool was infected, allowing the attackers to access 18,000 networks worldwide. From there, they were able to sneak into the systems of at least five US federal agencies. This impressive hack required significant resources, and who else but Nobelium, a group of hackers under the Kremlin’s tutelage, could carry it out?
In the case of the Asus supply chain attack in 2019, while 57,000 people installed the malware, the criminals were really only interested in 600 specific machines.
The Supply Chain Cyber Security Threats
Supply chain cyber security threats are vulnerabilities within the supply chain that can be exploited by cyber criminals. They arise from supply chain partners, information sharing, and vendor selection.
Supply chain partners include any company that is involved in the supply chain of a product. These companies may have access to sensitive data such as credit card information or personal information. Supply chain partners may be susceptible to cyber attacks, which can result in the loss or theft of data.
Information sharing is the exchange of sensitive data between supply chain partners. Supply chain partners can use this data for marketing purposes or for improving their products. However, this data may be vulnerable to cyber attacks, which can result in the loss or theft of data.
Vendor selection is the process of selecting suppliers for a product or service. This process involves evaluating potential suppliers based on their qualifications and history of providing quality products and services. However, selecting the wrong supplier can expose businesses to supply chain cyber security threats such as malware or ransomware infections.
How Does a Supply Chain Attack Work?
A supply chain attack often uses a series of tools to achieve its goal – the name refers more to the vector through which the attackers pass than to the technologies used.
For example, an attacker can enter the system of a third-party service through phishing, and then turn its product into a Trojan horse, i.e., software that looks legitimate but has a malicious component that is intended to spy or destroy. The attackers then just have to wait patiently for the technology to be provided and installed by the target companies… Then, they launch their real project, whether it is to block systems, take control of them, steal data, etc.
NotPetya, the most expensive cyberattack in history, began with the infection of a Ukrainian accounting software package, MEDoc, before spreading across the globe. Google security researchers and several governments blamed the attacks on the Russian government, specifically the Sandworm hacker group, a member of the Kremlin’s intelligence services.
When the REvil ransomware group decided to activate its attack in July 2021, it hit not only Kaseya’s customer base but also the layer below it, through intermediaries such as MSPs. This is because the attack on Kaseya had a cascading effect: the attackers first infected the VSA software, which was used to manage computer fleets remotely. This means that the technology had a relatively high level of privilege on these machines: it allowed a large number of changes to be made. Of the 36,000 customers claimed by Kaseya, many were “managed service providers,” or MSPs, who offered their services to their own network of small businesses.
How To Protect Against Supply Chain Attacks?
Cybersecurity battles are always imbalanced. Companies must block every hole, defect, and weakness that may be exploited by an assailant. Attackers only need to find one of these vulnerabilities to move on to the next phase of their operation. However, in an assault from a third party, it’s vital to safeguard against the potential compromise of software and services (and not to become paranoid and alienate the company’s vendors). If someone’s phone provider were compromised and listening in on conversations, it would be nearly impossible to detect. Individuals would be in the same scenario.
Still, some best practices exist that cybersecurity experts recommend, including the use of computer security threat detection and response technologies. Another approach, at the level of corporate policies, would be to decide to reduce the number of suppliers to facilitate cooperation and control of the tools used.
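The cascading effect described for Kaseya, and the advice to keep the number of suppliers small enough to control, can be worked through on a supplier inventory. The following is an added example, not part of the original article: the organisation names, privilege labels, and edges are constructed, and the rule that only "admin" access lets a compromise continue downstream is an assumption of this sketch.

```python
from collections import deque

# Constructed inventory (not real data): (provider, consumer, privilege the
# provider's tool holds on the consumer's machines).
SUPPLY_EDGES = [
    ("rmm-vendor", "msp-north", "admin"),
    ("rmm-vendor", "msp-south", "admin"),
    ("msp-north", "bakery", "admin"),
    ("msp-north", "dental-clinic", "admin"),
    ("msp-south", "law-firm", "admin"),
    ("accounting-vendor", "msp-north", "user"),
    ("accounting-vendor", "law-firm", "user"),
]

# Assumption: only these privileges let a compromise continue downstream.
CASCADING = {"admin"}


def blast_radius(edges, compromised, cascading=CASCADING):
    """Return {organisation: hops} reachable if `compromised` is tampered with.

    Direct consumers are always exposed because they run the tampered tool.
    The compromise continues through a consumer only when the tool held a
    cascading privilege there, as remote-management software does.
    """
    downstream = {}
    for provider, consumer, privilege in edges:
        downstream.setdefault(provider, []).append((consumer, privilege))

    exposed, expanded = {}, {compromised}
    queue = deque([(compromised, 0)])
    while queue:
        org, hops = queue.popleft()
        for consumer, privilege in downstream.get(org, []):
            if consumer == compromised:
                continue
            exposed.setdefault(consumer, hops + 1)  # BFS keeps the shortest path
            if privilege in cascading and consumer not in expanded:
                expanded.add(consumer)
                queue.append((consumer, hops + 1))
    return exposed


def rank_suppliers(edges):
    """Suppliers sorted by how many organisations a compromise would reach."""
    providers = {provider for provider, _, _ in edges}
    sizes = {p: len(blast_radius(edges, p)) for p in providers}
    return sorted(sizes.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for supplier, reach in rank_suppliers(SUPPLY_EDGES):
        print(f"{supplier:18} reaches {reach} organisation(s)")
```

In this constructed data the remote-management vendor reaches every organisation through the MSPs, while the accounting vendor stops at its direct customers; that ranking is where monitoring and vendor review effort should go first.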