Supply chain attacks are often overlooked cyberattacks, but they can cause catastrophic damage given enough time. Supply chain attacks target vendors and suppliers instead of directly targeting a specific business, making them more difficult to detect and prevent if your vendors aren't maintaining strict cybersecurity policies and using the best tools.
What is a supply chain attack?
A supply chain attack (also known as a third-party attack, value-chain attack or backdoor breach) is when an attacker accesses a business's network via third-party vendors or suppliers, that is, through the supply chain. Supply chains can be massive in scope and complex in their relationships, which is why some attacks are so difficult to trace.
Many businesses work with dozens of suppliers for everything from ingredients or production materials to outsourced work and technology. This is why it's so important to protect the supply chain and ensure the companies you're working with are as committed to that protection as you are.
How do supply chain attacks work?
A software supply chain attack only requires one compromised application or piece of software to deliver malware across the entire supply chain. Attacks will often target an application's source code, delivering malicious code into a trusted app or software system.
Attackers often target software or application updates as entry points. The problem with software supply chain attacks is that they're so difficult to trace, with cybercriminals often using stolen certificates to "sign" the code to make it look legitimate.
Hardware attacks depend on physical devices, much like the USB keylogger we mentioned earlier. Attackers will target a device that makes its way through the entire supply chain to maximize its reach and damage.
Firmware attacks insert malware into a computer's booting code in an attack that only takes a second to unfold. Once a computer boots up, the malware is executed, jeopardizing the entire system. Firmware attacks are quick, often undetectable if you're not looking for them and incredibly damaging.
Examples of supply chain attacks in the news:
The SITA data breach is estimated to have exposed more than 580,000 records from Malaysia Airlines' Frequent Flyer program. Finnair, Air New Zealand and others also reported breaches, exposing hundreds of thousands of records on customers across each airline. Singapore Airlines shared data with a company called Star Alliance, which is where the attack is believed to have originated. From there, it spread across the entire supply chain.
In perhaps one of the largest data breaches ever, the IT company SolarWinds was the victim of a supply chain malware attack delivered through the company's own servers during a software update. This attack affected the US Treasury Department, the US Department of Defense and many others.
What can companies do to mitigate the risk of software supply chain attacks?
Invest in SOC (security operations center) analysts. These IT professionals will look closely at your business's cybersecurity infrastructure to identify any problems or missing protection. They'll also react to threats, analyze the effects of any attacks and work to improve your system.
Apply vendor access controls. Restricting the vendor's access to your system is a great way to mitigate potential threats. In other words, don't let vendors access anything other than what they need for the job.
Use an Enterprise Password Management Platform (EPM). EPM tools help prevent supply chain attacks by giving IT administrators complete visibility into employee password practices, as well as the ability to enforce password security rules company-wide.
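To make the vendor access control point above concrete, here is an added example (not part of the original article) of a check a SOC analyst could run over access logs to flag vendor accounts touching resources outside what they need. The log format, the `vendor-` account naming convention, the policy table and all sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict

# Hypothetical least-privilege policy: vendor account -> resource prefixes it needs.
VENDOR_SCOPE = {
    "vendor-hvac": ["/facilities/hvac"],
    "vendor-payroll": ["/hr/payroll", "/hr/timesheets"],
}

# Constructed sample access log, assumed format: "timestamp account action resource"
SAMPLE_LOG = """\
2024-03-01T09:00:12Z vendor-hvac READ /facilities/hvac/sensors
2024-03-01T09:02:40Z vendor-hvac READ /facilities/hvac-admin/users
2024-03-01T09:05:03Z vendor-payroll WRITE /hr/payroll/2024-03
2024-03-01T09:07:55Z vendor-payroll READ /finance/ledger
2024-03-01T09:09:31Z vendor-print READ /shared/templates
2024-03-01T09:10:00Z alice READ /finance/ledger
malformed line
"""

def in_scope(resource, prefixes):
    """True if resource equals a prefix or sits beneath it on a path boundary."""
    # Matching on "prefix/" stops "/facilities/hvac" from covering "/facilities/hvac-admin".
    return any(resource == p or resource.startswith(p.rstrip("/") + "/") for p in prefixes)

def audit(log_text, policy, vendor_prefix="vendor-"):
    """Return {account: [(timestamp, action, resource, reason), ...]} for violations."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        ts, account, action, resource = parts
        if not account.startswith(vendor_prefix):
            continue  # only third-party accounts are audited here
        if account not in policy:
            # Default deny: a vendor account with no declared scope is itself a finding.
            findings[account].append((ts, action, resource, "no approved scope"))
        elif not in_scope(resource, policy[account]):
            findings[account].append((ts, action, resource, "outside approved scope"))
    return dict(findings)

if __name__ == "__main__":
    for account, hits in audit(SAMPLE_LOG, VENDOR_SCOPE).items():
        for ts, action, resource, reason in hits:
            print(f"{ts} {account} {action} {resource}: {reason}")
```

Findings from a check like this are a prompt to either tighten the vendor's permissions or update the approved scope, so the policy keeps matching what each vendor actually needs.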