We invest in security controls, and we train our employees to spot potential threats. But have you considered that the weakest link in our armoury could be our partners and suppliers? Supply chain attacks are growing, as cybercriminals are doing just that and focusing on exploiting weak links.
Now, if you are wondering what a supply chain attack is, let me explain. A supply chain attack, or third-party attack, is a cyberattack that happens when a bad actor exploits a vulnerability in your system, application, or service by attacking a third-party provider who has access to your systems and data. The third-party may have weaker security controls in place, allowing for an easier entry into your network or to access your sensitive data.
Over the last few years, service providers are accessing more sensitive data than ever before, which is widening the attack surface of the typical enterprise. Attackers now have more resources and tools at hand, with more public awareness and oversight from regulators. This really is a perfect storm.
When it comes to the news, last year’s SolarWinds attack, attributed to a Russian nation-state attack, is a good example. Attackers inserted malicious code into the Orion system, a SolarWinds product for IT performance monitoring. As a monitoring system, it has escalated privileges so that it can obtain log and system data. These privileges and global deployments made for a very lucrative target indeed.
This malicious code allowed the attackers to gain access to networks, systems and data of more than 30,000 customers, including dozens of governments (US Government included) and enterprise networks. Attackers took advantage of multiple supply chain layers, violating the chain of trust. Also, worryingly, SolarWinds customers were not the only ones to be affected. Since the hack exposed the workings of Orion users, the hackers could move horizontally and gain access to the data of their partners and customers. Because vendors have a vast pool of users, a single compromised vendor could result in multiple businesses suffering a breach; this makes a supply chain attack so effective.
The SolarWinds attack demonstrated how devastating such an attack could be, exposing vulnerabilities in traditional defences. Even though this attack has been the most sophisticated attack to date, there are still tactics that organisations can implement to strengthen their supply chain. Here are eight of those.
- Secure Privileged Access Management
- Implement a Zero Trust Architecture
- Implement Honeytokens
- Identify Insider Threats
- Protect Vulnerable Resources
- Minimise Access to Sensitive Data
- Monitor Vendor Network for Vulnerabilities
- Identify all Vendor Data Leaks
Supply chain attacks are increasing, becoming more sophisticated and prevalent. If government agencies are becoming victims, how can small businesses navigate past these threats? The only way is to assume a breach mentality, take a pessimistic view that assumes that you will be breached, rather than assuming it could happen. This simple shift can help move an organisation's security posture from a passive to an active state.
What is a supply chain attack - https://www.wired.com/story/hacker-lexicon-what-is-a-supply-chain-attack/
Monumental supply chain attack - https://threatpost.com/supply-chain-attack-airlines-state-actor/166842/