What is a Cyber Supply Chain Attack?
A supply chain attack, which is also called a value-chain or third-party attack, occurs when someone infiltrates your system through an outside partner or provider with access to your systems and data.
Supply Chain Connections
Suppliers commonly have access to their customers’ networks to simplify supply chain operations.
A disruption at one supplier can affect companies a long way down the supply chain, which shows how important it is today to consider not only the risk of a single company but the risk of the many links in the supply network.
Consequently, supply chain risks can derive from many different sources and affect different parts of the supply chain. Increasingly sophisticated attacks that target supply chains, defeat incident response, and move laterally within a network are quickly becoming the new normal in the corporate security threat landscape.
Supplier credentials can be stolen at multiple points across supplier and customer portals. An important cybersecurity strategy is to continuously test whether those credentials and connections can reach the company’s critical assets.
There are many reported cases of an attacker turning off antivirus, firewalls and anything else that would raise an alert, because the longer they have to achieve their goal, whether that is lateral movement, ‘island hopping’ further up the supply chain or data collection, the better their chance of success.
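The sequence described above, disabling host defenses and then moving on to other systems, is also what a detection rule should look for. The following is an added example written for this page, not code from the original article or from XM Cyber: it runs a small set of command-line patterns over constructed process-creation events (the host names, user names and timestamps are hypothetical) and escalates when a defense-tampering command is followed on the same host by lateral-movement activity within a short window.

```python
import re

# Constructed sample process-creation events (hypothetical hosts and users),
# in the shape an EDR or Sysmon-style feed would provide once flattened.
EVENTS = [
    {"ts": 100, "host": "hvac-jumphost", "user": "vendor-svc", "cmd": "whoami /all"},
    {"ts": 105, "host": "hvac-jumphost", "user": "vendor-svc",
     "cmd": "powershell -c Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"ts": 110, "host": "hvac-jumphost", "user": "vendor-svc",
     "cmd": "netsh advfirewall set allprofiles state off"},
    {"ts": 130, "host": "hvac-jumphost", "user": "vendor-svc",
     "cmd": r"net use \\pos-db\c$ /user:corp\svc_pos *"},
    {"ts": 400, "host": "helpdesk-ws", "user": "alice",
     "cmd": "netsh advfirewall show allprofiles"},
    {"ts": 900, "host": "build01", "user": "SYSTEM", "cmd": "sc stop WinDefend"},
]

# Commands that switch off or stop host defenses (real Windows syntax).
TAMPER_PATTERNS = {
    "defender_realtime_off": re.compile(
        r"Set-MpPreference\b.*-DisableRealtimeMonitoring\s+\$?true", re.I),
    "firewall_disabled": re.compile(
        r"\bnetsh\s+advfirewall\s+set\s+\w+\s+state\s+off\b", re.I),
    "security_service_stopped": re.compile(
        r"\b(?:sc|net)\s+stop\s+(?:WinDefend|MpsSvc|Sense)\b", re.I),
}
# Activity that typically follows: reaching another host over an admin share.
LATERAL_PATTERNS = {
    "admin_share_mapped": re.compile(r"\bnet\s+use\s+\\\\\S+\\[a-z]\$", re.I),
}


def classify(cmd):
    """Return the names of every rule whose pattern matches this command line."""
    hits = [name for name, rx in TAMPER_PATTERNS.items() if rx.search(cmd)]
    hits += [name for name, rx in LATERAL_PATTERNS.items() if rx.search(cmd)]
    return hits


def detect(events, window=600):
    """Run the rules over the events in time order.

    Each tamper hit becomes a medium alert. If lateral-movement activity follows
    a tamper hit on the same host within `window` seconds, a high alert is
    raised naming both rules: that pairing is the attacker behaviour described
    in the text rather than an administrator flipping a setting.
    """
    alerts = []
    last_tamper = {}  # host -> (ts, rule) of the most recent tamper hit
    for ev in sorted(events, key=lambda e: e["ts"]):
        for rule in classify(ev["cmd"]):
            base = {"host": ev["host"], "user": ev["user"], "ts": ev["ts"]}
            if rule in TAMPER_PATTERNS:
                alerts.append({**base, "severity": "medium", "rule": rule})
                last_tamper[ev["host"]] = (ev["ts"], rule)
            elif ev["host"] in last_tamper:
                t0, tamper_rule = last_tamper[ev["host"]]
                if ev["ts"] - t0 <= window:
                    alerts.append({**base, "severity": "high",
                                   "rule": f"{tamper_rule}_then_{rule}"})
    return alerts


if __name__ == "__main__":
    for a in detect(EVENTS):
        print(f'{a["severity"]:6} {a["host"]:14} {a["user"]:10} {a["rule"]}')
```

On the constructed feed this yields two medium alerts for the jump host, one high alert when the admin share is mapped twenty seconds after the firewall is disabled, and a medium alert for the build server; the `show allprofiles` query on the help-desk workstation is ignored. The patterns are deliberately narrow so that the example stays readable; a production rule set would cover the registry and WMI routes to the same settings as well.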
Example of a Supply Chain Attack
Here is a classic example of a supply chain attack.
Attackers used credentials stolen from the vendor that serviced the systems of a big retail store in North America to access the retailer’s network and move laterally to the systems that stored customer payment information.
Supply chain attacks are increasing because of their economies of scale: one compromised supplier opens the door to many customers. The past few years have been filled with massive data breaches that have flooded the underground markets with personally identifiable information, credit card numbers, and bank account details. The supply of data now exceeds the demand, bringing down the value of this information, so attackers need larger hauls to profit.
While the number of supply chain attacks will continue to grow, we expect detection to lag, especially when the target provides products or services to a specific country or industry. Since most supply chain attacks involve adding a backdoor to legitimate, signed software, they are rarely detected by an organization’s security tools. And don’t expect the targeted software vendor to detect the attack either.
The security teams at these companies usually don’t anticipate that their software would be targeted during development, a point not lost on attackers.
Even if a compromised vendor discovers an attack, it may be reluctant to disclose it for fear of damaging its reputation. Such a vendor is likely to quietly fix the problem and leave the compromised customers unknowingly exposed. The better option is to report the compromise immediately, despite the potentially painful consequences.
The European Network and Information Security Agency (ENISA) identifies “processes” as the most important pillar for securing critical infrastructures and industrial control systems (ICS), well ahead of technology and people. Focusing solely on IT data centers and operations control centers is therefore not enough. As the supply chain and technology infrastructure domains become highly complex, a comprehensive end-to-end approach is necessary: each part of the industry value chain needs to be analyzed, assessed, and secured, but not in isolation.
These are the factors that are influencing supply chain threats:
- Evolution of the cyber supply chain threat landscape
- Integration of supply chain stakeholders on the cyber threat model
- Inability to determine cascading threat impacts on inbound and outbound supply chains
- Evolving threat landscapes affecting the supply chain organization context
How to Prevent Supply Chain Attacks
The three main pillars below need to be followed in order to prevent supply chain attacks and lower the cybersecurity risk from the supply chain dramatically:
- Continuous assessment of the entire network: simulate real-life attack scenarios against the production environment, and run the simulation continuously, for maximum visibility. This is the basis for valid risk management.
- Prioritization: identify the most important attack paths to address and provide remediation recommendations to the security and IT teams.
- Continuous mapping of critical assets: by continuously mapping your unique critical assets and visually identifying the attack paths to them, you can also demonstrate compliance with requirements across many regulatory mandates.
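As an added illustration of the second and third pillars, and of the earlier point about continuously testing whether supplier credentials and connections can reach critical assets, the following Python is example code written for this page, not XM Cyber’s product or the article’s own code. It models the environment as a directed graph of access relationships (the host names and the “how” labels are constructed and hypothetical), enumerates attack paths from supplier footholds to critical assets, ranks the nodes that the most paths pass through, and re-runs the assessment after a simulated remediation.

```python
from collections import Counter, defaultdict

# Constructed sample environment; host names and access relationships are
# hypothetical. Edge (src, dst, how): whoever controls src can reach dst via `how`.
EDGES = [
    ("vendor-portal", "hvac-jumphost", "vendor VPN account"),
    ("hvac-jumphost", "bms-server", "shared local admin password"),
    ("hvac-jumphost", "helpdesk-ws", "RDP permitted by firewall rule"),
    ("bms-server", "file-server", "cached domain credentials"),
    ("file-server", "pos-db", "reused service account"),
    ("helpdesk-ws", "pos-db", "cached domain admin token"),
    ("dev-laptop", "ci-server", "unprotected SSH key"),
    ("ci-server", "artifact-repo", "deploy token in CI variables"),
]
CRITICAL_ASSETS = {"pos-db", "artifact-repo"}
SUPPLIER_FOOTHOLDS = {"vendor-portal", "dev-laptop"}  # where supplier credentials land


def build_graph(edges):
    graph = defaultdict(list)
    for src, dst, how in edges:
        graph[src].append((dst, how))
    return graph


def attack_paths(graph, start, targets, max_hops=8):
    """Every simple path from start to a target, as a list of (node, how) hops.

    Depth-first walk that stops descending once a critical asset is reached
    and never revisits a node, so it terminates on cyclic graphs as well.
    """
    found = []

    def walk(node, path, seen):
        if node in targets and len(path) > 1:
            found.append(path)
            return
        if len(path) > max_hops:
            return
        for nxt, how in graph.get(node, []):
            if nxt not in seen:
                walk(nxt, path + [(nxt, how)], seen | {nxt})

    walk(start, [(start, "initial access")], {start})
    return sorted(found, key=len)  # fewest hops first


def assess(edges, footholds=SUPPLIER_FOOTHOLDS, critical=CRITICAL_ASSETS):
    """Map every supplier foothold to its attack paths into critical assets."""
    graph = build_graph(edges)
    return {f: attack_paths(graph, f, critical) for f in sorted(footholds)}


def chokepoints(report):
    """Intermediate nodes ranked by the number of attack paths through them;
    fixing the top entry removes the most paths for the least work."""
    counter = Counter()
    for paths in report.values():
        for path in paths:
            counter.update(node for node, _ in path[1:-1])
    return counter.most_common()


def remove_access(edges, src, dst=None):
    """Simulate a remediation: drop one relationship, or all egress from src."""
    return [e for e in edges if not (e[0] == src and (dst is None or e[1] == dst))]


def fmt(path):
    return " -> ".join(node if how == "initial access" else f"{node} [{how}]"
                       for node, how in path)


if __name__ == "__main__":
    report = assess(EDGES)
    for foothold, paths in report.items():
        print(f"{foothold}: {len(paths)} path(s) to critical assets")
        for p in paths:
            print("   ", fmt(p))
    print("chokepoints:", chokepoints(report))
    # Closing only the RDP rule leaves the longer path open; re-running the
    # assessment after every change is what makes the process continuous.
    print("after firewall fix:", {f: len(p) for f, p in
          assess(remove_access(EDGES, "hvac-jumphost", "helpdesk-ws")).items()})
    print("after isolating jumphost:", {f: len(p) for f, p in
          assess(remove_access(EDGES, "hvac-jumphost")).items()})
```

On the constructed graph the vendor portal has two paths to the payment database, both through the HVAC jump host, which therefore tops the chokepoint ranking; the developer laptop has one path to the artifact repository. Removing only the RDP rule still leaves the route through the building-management server, while isolating the jump host removes every path from the vendor foothold. Real deployments replace the hand-written edge list with data collected from the environment (credentials found on hosts, firewall rules, trust relationships) and re-run the assessment on a schedule.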
Raz Kotler is VP Customer Operations & CISO, XM Cyber