What is a supply chain attack, and how to prevent it?
A supply chain attack, also called a value-chain or third-party attack, is a growing cyber threat for any organization. Although the main targets are software developers and suppliers, any industry can suffer, from the governmental and financial sectors to the oil sector.
So, how does this attack work? Can you prevent it?
How does a supply chain attack work?
During a supply chain attack, the cybercriminal accesses the organization’s network via third-party vendors or suppliers. That is, through the supply chain.
Here, the attackers focus on unsecured network protocols, coding practices, or servers to break in. After a successful breach, the hacker might modify source code or hide malware. Usually, cybercriminals either get access to the system or infect software with malware.
Consequently, the legitimate apps from trusted providers end up spreading malware. This is highly dangerous because all players in the supply chain might get harmed unknowingly.
Are supply chain attacks on the rise?
Over the past few years, the frequency of supply chain attacks has grown 4 times, which worries the experts.
The European Union Cybersecurity Agency (ENISA) revealed an alarming tendency. In 62% of supply chain attacks, critical access points were reached by exploiting suppliers’ trust.
The motives behind the supply chain attacks were the following:
- 58% of the attacks intended to get access to data;
- 16% – to access people;
- 8% – to access financial resources.
As encouraged in the report, organizations should “focus their efforts on validating third-party code and software before using them to ensure these were not tampered with or manipulated.” Blindly trusting all parties within the supply chain can become a critical mistake.
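The validation step recommended above can be done by checking every delivered file against SHA-256 digests recorded when the software was reviewed. This is an added example, not code from the ENISA report or from this article; the file names, the `verify_artifacts` helper and the sample contents are constructed assumptions.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Stream the file so large installers are not loaded into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_artifacts(directory: Path, pinned: dict[str, str]) -> dict[str, str]:
    """Return a verdict per file: ok, mismatch, missing, or unpinned."""
    verdicts = {}
    for name, expected in pinned.items():
        target = directory / name
        if not target.is_file():
            verdicts[name] = "missing"
            continue
        actual = sha256_file(target)
        same = hmac.compare_digest(actual, expected.lower())
        verdicts[name] = "ok" if same else "mismatch"
    # Files nobody reviewed must not ride along with reviewed ones.
    for extra in sorted(p.name for p in directory.iterdir() if p.is_file()):
        verdicts.setdefault(extra, "unpinned")
    return verdicts


def demo() -> dict[str, str]:
    """Constructed sample: one intact file, one altered, one absent, one extra."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "agent.bin").write_bytes(b"vendor build 1.0")
        (root / "plugin.dll").write_bytes(b"vendor plugin 1.0")
        pinned = {n: sha256_file(root / n) for n in ("agent.bin", "plugin.dll")}
        pinned["license.txt"] = hashlib.sha256(b"license").hexdigest()
        # Simulate changes made after the pins were recorded.
        (root / "plugin.dll").write_bytes(b"vendor plugin 1.0 + extra code")
        (root / "helper.exe").write_bytes(b"not in the manifest")
        return verify_artifacts(root, pinned)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:9} {name}")
```

A pinned digest only detects changes made after the pin was recorded. It does not detect malicious code that was already inside the vendor's release when it was pinned, so it complements vendor assessment and access controls rather than replacing them.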
Why is it a dangerous attack?
Any company that supplies software or hardware for other companies is a potential target.
For instance, malware can spread through:
- an insecure application or piece of software that multiple companies use;
- a keylogger installed in a USB device, camera, phone, etc.;
- unprotected, modified source code;
- a modified computer’s booting code, jeopardizing the entire system.
Therefore, the number of victims can be directly related to the popularity of the app or software. One poisoned app, widely used throughout the supply chain, can cause severe damage.
SolarWinds hack – the worst example of supply chain attack
The SolarWinds attack is the best-worst case example of a supply chain attack. This company provides system management tools for thousands of organizations globally. One of the company’s products, the IT performance monitoring system Orion, suffered from the attack.
In one of the largest hacks ever recorded, cybercriminals inserted malicious code into the Orion system. This created a backdoor. The attackers could access the internal information: the company’s users, accounts, and system files. When an Orion software user downloaded the latest update, it came with malicious code.
As a result, more than 18,000 SolarWinds users installed infected updates. The hackers accessed all information that they could use to spread the malware further or spy on organizations. It was calculated that the insured losses could have reached as much as $90,000,000.
How to mitigate the risk of suffering from the attack?
As a business owner, make sure to take action today that can protect your company from becoming a victim of supply chain attacks:
- Organize regular cybersecurity training for employees. Every person should understand the importance of good cybersecurity practices and their personal input in achieving that.
- Allow only authorized apps to run on your company’s computers.
- Update antivirus and antimalware software.
- Require employees and admins to use two-factor authentication.
- Use a reliable password management solution inside your business. Ensure that admins have visibility over employees’ password practices. Encourage transparency in password creation, sharing, and managing practices.
- Make sure your IT staff is familiar with all service providers in your supply chain. How do they ensure security on their side?
- Mitigate risk by implementing different levels of access: admin/privileged, necessary access.
Protect your business from a supply chain attack. Start today.