Is your supply chain leaving you vulnerable to Cyber Attacks?

By Emily Davidson

17 February 2023

Some organisations lack the necessary tools, resources, or expertise to tackle the increasing day-to-day threat posed by cyber criminals whilst continuing to focus on their strategic priorities. Others may simply fail to carry out check-ups because they trust their software providers to do this, or do not maintain regular patching processes. Unfortunately, it is these vulnerabilities that threat actors will always look to exploit.

Cyber criminals will take advantage of any opportunity to infiltrate an organisation’s network and access its most critical assets in order to use the confidentiality of those assets as leverage.

Security assurances given by vendors do not necessarily protect you from a data breach. Criminals are always on the lookout for organisations with even the slightest negligence of their systems or processes. So, the big question to ask is what would happen if you were the next victim?

What is a supply chain attack?

Supply chain attacks seek to infiltrate your systems through a connected external partner or supplier. Rather than attacking a specific company directly, the attacker targets less secure connected systems.

This form of attack uses techniques whereby a criminal hacker, or state-sponsored entity, slips code or another malicious component into a company’s software or hardware. These kinds of attacks use backdoor channels of legitimate software and hardware to gain access to an organisation’s information without authorisation.

These types of attacks on weaker systems are easier for criminals and are less noticeable once inside the chain, compared to directly hacking into an organisation’s own network. Hackers are looking to gain access to information by abusing source code, build processes, or update mechanisms, and infecting legitimate software or platforms with malware.

Some attacks, carried out for monetary gain, indiscriminately target any organisation that uses the affected software, and because of the methods used in supply chain attacks the number of victims can be huge. Others will intentionally target a specific organisation further along the supply chain from the initial entry point.

How do they work?

Threat actors look for unsecured networks, unprotected servers, or unsafe coding techniques in an organisation’s supply chain. This includes:

  • Vendors with unsafe security protocols
  • Phishing scams that collect user data and access information
  • Third-party service providers who have been corrupted already

These are just some of the ways that cyber-criminals can gain access to your supply chain. Many are using updated hacking techniques and known vulnerabilities that haven't been patched, looking further down the supply chain for weaker, less secure networks.

Maintaining thorough security process reviews can help to mitigate risks associated with supply chains.

Vendors who do not follow best practices and security protocols are less likely to notice any code infections in their systems before releasing them into circulation. The number of potential victims is countless, especially on open-source and wide-reaching service providers, such as SolarWinds. Hackers will then attempt to cash in on the campaign by demanding ransoms from their victims, or stealing their sensitive and/or valuable data.

Types of supply chain attacks

Supply chain attacks involve continuous hacking and infiltration into a firm’s software or hardware through different methods, including:

  • Preinstalling malware on hard disks or a device
  • Compromising software build tools or update infrastructure
  • Using unauthorised or stolen code-signing certificates for software, or falsifying identity and authority to get into the system
  • Compromising specialised code to get into the hardware

Once access is gained to a connected system, some of the attack types can include:

1. Malware

A malware attack occurs when malicious software such as spyware executes unauthorised actions in an organisation’s network. This software allows hackers into the system and its contents. They can then access data, restrict file access, or disable the software’s operations.

2. Phishing

91% of all Cyber Attacks begin with a phishing email. Phishing is a social-engineering strategy where the hacker sends a malicious message to trick people into revealing their sensitive information, typically any login credentials and personal data.

3. Man in the Middle (MITM)

Man in the Middle is essentially eavesdropping. When a compromised user communicates anything, the criminal can intercept the message without the victim knowing it. Cyber criminals can then use this information for extortion or blackmail.

4. Distributed Denial of Service (DDoS)

Unlike all the other methods used in cyber-hacking, this one doesn’t breach the security perimeter but rather works to deny access to a system’s services. It involves using multiple online connected devices, collectively known as botnets, which work to overwhelm a specific website with fake traffic, resulting in the website’s unavailability to legitimate users. DDoS attacks can also be used to cover up malicious activities running in the background.

5. SQL injection attacks

This is where SQL queries are injected into an application. These SQL commands affect the execution of predefined SQL commands. Attackers can then spoof identities, mess with existing data, and cause repudiation.

6. Cross-site scripting (XSS)

Cyber criminals can manipulate a vulnerable website so that it sends unauthorised scripts to the victims, enabling advanced attacks.

Most of the above-mentioned attacks and techniques have been in use for years, so how are they of use to third-party actors? By corrupting vendors, backdoor entry can be gained into dozens, if not hundreds, of potential victims due to lateral movement.

Examples of supply chain attacks

Supply chain attacks have been among the most common cyber-attacks globally in recent years. Some examples include:

  • Kaseya, a Dublin-headquartered software company, has been a victim of a supply chain attack. The company is a software provider to small and medium-sized businesses worldwide. Its main task is to control what happens within the network solutions that they provide to their clients.
  • In early 2021 SITA, an airline IT supplier, was targeted. Frequent flyer information was compromised across connected airlines and further outside the network to partner airlines who did not use SITA.
  • Ukraine’s cyberinfrastructure was attacked by malware coined NotPetya in 2017. Most fingers point towards Russia.

The techniques and channels used by cyber-criminals vary, but the most common avenues include:

  1. Third-party software providers. Corrupted updates from software providers can be devastating to numerous links along a supply chain.
  2. Website builders can fall victim to malicious scripts placed within legitimate websites. This can be incredibly difficult to detect.
  3. Third-party data stores are generally well protected, but if compromised a massive amount of valuable data can be encrypted and held for ransom.

There are numerous other threat areas that business owners and institutions must consider, but these are some of the most common methods and examples of recent successful supply chain attacks.

How can Organisations Reduce the Risk of Supply Chain Attacks?

No one can guarantee a way to completely block potential cyber-attacks. However, an integrated approach to cyber-security can help to minimise the possibility of an attack and the harm that a successful attack can do. The significant challenge in building a foolproof cybersecurity defence is that cyber-attack tactics and threats are ever-evolving.

Celerity’s Simulated Cyber Attack helps to mitigate such issues by routinely examining and testing security networks for vulnerabilities, whilst a Managed SIEM can give organisations full visibility of cyber threats as they occur, leading to quicker remediation.

The basic requirements of all supply chain partners:

  • Automated scanning and detection help institutions avoid numerous threats. Simulated attacks highlight vulnerable areas and methods to mitigate attacks.
  • Software updates should be treated with more scrutiny by subjecting them to scans and tests before installation.
  • Basic training focusing on cyber threats and hygiene can improve safety. Employees with knowledge of basic threats will notice issues more readily.
  • Have automated offsite backups in place for your sensitive data.
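
One way to apply the update-scrutiny requirement above, shown as an added example that is not part of the original article or any Celerity product: a pre-install gate that checks a downloaded update against a SHA-256 digest pinned in advance and fails closed when no digest is known. The file names, payload bytes and the pinned-digest table are constructed for illustration, and the out-of-band source of the digest is an assumption.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

# Constructed sample payloads; names and versions are illustrative only.
GOOD_UPDATE = b"agent-update 2.4.1 (constructed sample payload)"
TAMPERED_UPDATE = GOOD_UPDATE + b"\x00injected"
# Assumption: digest pinned from vendor release notes via a separate channel.
PINNED_SHA256 = {"agent-2.4.1.pkg": hashlib.sha256(GOOD_UPDATE).hexdigest()}


def sha256_file(path, chunk_size=65536):
    """Hash in chunks so large installers are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def review_update(path, pinned):
    """Return 'approve', 'reject-mismatch' or 'reject-unknown' for one file."""
    expected = pinned.get(path.name)
    if expected is None:
        # No pinned digest: fail closed rather than install unverified code.
        return "reject-unknown"
    if hmac.compare_digest(sha256_file(path), expected.lower()):
        return "approve"
    return "reject-mismatch"


def demo():
    """Run the gate over a clean, a tampered and an unlisted update file."""
    cases = {
        "clean": ("agent-2.4.1.pkg", GOOD_UPDATE),
        "tampered": ("agent-2.4.1.pkg", TAMPERED_UPDATE),
        "unlisted": ("agent-2.5.0.pkg", GOOD_UPDATE),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for label, (name, data) in cases.items():
            target = Path(tmp) / label / name
            target.parent.mkdir()
            target.write_bytes(data)
            results[label] = review_update(target, PINNED_SHA256)
    return results
```

A matching digest only shows that the file is the one the vendor published; it cannot reveal a compromise of the vendor's own build process, which is why the scans and tests before installation remain necessary.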

While it takes considerable time, effort, and finances to acquire and maintain supply chain IT solutions, it is equally important to invest in security.

The cost of regular testing and installing significant security controls and out-tasking a managed threat monitoring solution is massively outweighed by the extensive damage that a successful supply chain attack could do.
