Richard Blech

The Supply Chain Attack Problem


There is an increasing reliance on managed service providers and online IT management solutions—tools that have significant authority and privileged access inside the networks of other organizations. While these solutions have essential roles in how companies operate and compete, they are being weaponized by cybercriminals to implement devastating and far-reaching cyberattacks.


Consider the recent high-profile attacks involving Kaseya, Codecov, Microsoft Exchange Server and SolarWinds. Some cybersecurity experts believe that supply chain attacks like these, ones in which a company is used as a launch pad for compromising a significant number of customer networks and devices, are just a very small precursor of what is likely to occur in the very near future as cybercriminals become more aggressive. Most of these attacks were the end result of stolen zero-day vulnerabilities and created significant physical ramifications in the real world. The attacks are representative of the inherent danger of a supply chain attack: It can significantly amplify the destruction of a single security breach.


SUPPLY CHAIN ATTACKS ARE DIGITAL DISRUPTIONS ON A GRAND SCALE

In a typical supply chain attack, an attacker will target cyber vulnerabilities of a third-party provider, such as an IT services company or software vendor, and use that vendor’s product or service to gain unauthorized access to and infect the clients of the company. By targeting the mechanisms organizations use to manage and update their systems, software and any other aspects of their IT infrastructures, cybercriminals can covertly disseminate malware to the vendor’s clients using trusted software or hardware (malware can be preinstalled on devices). Because the vendors are trusted, the malware is able to operate with the same permissions as the infected software and can remain undetected by anti-malware, anti-virus programs and any other traditional defenses the clients may use.


Any organization that uses the software from a compromised vendor can be ensnared in the attack. The almost indiscriminate manner in which organizations can be drafted into a supply chain attack poses very high risks for small and medium-sized organizations that might otherwise be ignored by hackers in favor of larger targets that generally promise more gains. These types of attacks have the propensity to be even more catastrophic when larger vendors with a larger customer base are targeted.

Lax coding standards, unprotected server infrastructures and unsecured network protocols are some of the vulnerabilities targeted to launch a supply chain attack. According to CISA and NIST, the three most common methods used to execute supply chain attacks are:

  • Hijacking updates or patches

  • Undermining code signing

  • Compromising open-source code

SUPPLY CHAIN ATTACKS ALLOW CYBERCRIMINALS TO OPERATE AT SCALE

Whether they are nation-states or cybercrime organizations, cybercriminals will always seek out the least costly way to breach a target. In most cases, the goal is to produce the maximum impact with the least amount of effort. Investigating and selecting a target, determining how to access that target’s system and using that point of access to acquire data or ransom can take significant time and resources and hinder the efficiency with which cybercriminals operate.

In a supply chain attack, cybercriminals are able to leverage two important aspects of the software supply chain that make organizations susceptible to the attacks, particularly if the cybersecurity measures in place are inadequate:

  • The privileged access a vendor has within the network systems of its clients

  • The high frequency of communication between a vendor’s network and the vendor’s software located on a client’s network

Once cybercriminals exploit a vendor’s vulnerabilities, they can compromise a virtually unlimited number of the vendor’s clients simultaneously. They can produce the outcome they want, whether it is to launch ransomware, conduct cyber espionage or cause intentional disruption. There is a cascading effect with this type of attack, from the third-party provider to the direct clients of the vendor. And if those clients provide IT management services, as was the case with the Kaseya hack, even more organizations will be impacted. Victims of a supply chain attack can easily number in the thousands.


MITIGATING THE THREAT FROM SUPPLY CHAIN ATTACKS

A supply chain attack can be considered one of the more insidious forms of cyberattack because it abuses the trust that has routinely existed between a vendor’s product or service and the client. However, implicit trust in cybersecurity is a liability. To ensure the protection of their data, organizations should employ a zero-trust approach to securing their IT infrastructure, treating all network traffic as suspect, including updates from trusted business partners. To mitigate their risk of being caught in a supply chain attack, organizations should:

  • Increase visibility into their software supply chain by assessing all the external software and IT service vendors being used. The more third-party vendors being used, the higher the possibility an organization may be exposed to an attack through them.

  • Ensure their software vendors are presenting the best defense against cyberattacks. Software service providers have a responsibility to help prevent supply chain attacks by ensuring the principal technology used in attacks has sufficient cybersecurity measures, including hardened encryption.

  • Protect internal data with strong encryption and extensible MFA throughout an organization. All internal data should be protected with quantum-safe security that can provide protection against unauthorized access to that data. For example, encryption provided by XSOC Cryptosystem is a necessary layer of cybersecurity that can prevent data from being siphoned out during a supply chain attack. Identity assurance, both human and device, with MFA and endpoint protection enabled by SOCKET can also help prevent unauthorized access.

  • Change the manner in which software patch installations are handled. Conventional practice would have organizations applying patches as often and as soon as they are available, bypassing standard security measures, like antivirus protections. However, with the rising number of supply chain hacks, software updates should undergo more scrutiny and be treated with the assumption that they could pose a risk to the organization.
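
One way to put that last point into practice, as an added example that is not from the original article: a small admission gate that checks a downloaded update against a digest pinned through an independent channel and then holds it in staging for a soak period. The names `admit_update`, `PINNED` and `SOAK`, the three-day hold and the sample payloads are assumptions made for illustration.

```python
import hashlib
from datetime import datetime, timedelta, timezone

SOAK = timedelta(days=3)  # assumed hold period before an update leaves staging


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def admit_update(name, payload, pinned, released_at, now, soak=SOAK):
    """Return (decision, reason) for one downloaded update.

    pinned maps package name -> expected SHA-256 hex digest, obtained over a
    channel independent of the download server (assumption of this example).
    """
    expected = pinned.get(name)
    if expected is None:
        return "reject", "no pinned digest for this package"
    if sha256_hex(payload) != expected.lower():
        return "reject", "digest mismatch: file is not what the vendor published"
    # A matching digest only proves the file is the published one, not that
    # the vendor's build was clean, so new releases wait in a staging ring.
    if now - released_at < soak:
        return "hold", "digest ok, inside soak period: staging ring only"
    return "allow", "digest ok and soak period elapsed"


# Constructed sample data, not real update contents.
GOOD = b"constructed sample update payload v2.1"
TAMPERED = GOOD + b" (modified after publication)"
PINNED = {"agent-update": sha256_hex(GOOD)}
NOW = datetime(2021, 8, 10, tzinfo=timezone.utc)


def demo():
    fresh = NOW - timedelta(hours=6)
    aged = NOW - timedelta(days=5)
    return [
        admit_update("agent-update", GOOD, PINNED, aged, NOW)[0],
        admit_update("agent-update", GOOD, PINNED, fresh, NOW)[0],
        admit_update("agent-update", TAMPERED, PINNED, aged, NOW)[0],
        admit_update("unknown-tool", GOOD, PINNED, aged, NOW)[0],
    ]


if __name__ == "__main__":
    print(demo())
```

The digest check addresses a hijacked download path; the hold period is what gives monitoring in the staging ring time to surface an update that was published by the vendor but is itself compromised.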

XSOC CORP CAN HELP CREATE THE BEST CYBER DEFENSE

It is necessary to have the right cybersecurity measures in place to create an IT infrastructure that can help your organization mitigate all cyber risks, including supply chain attacks. At XSOC CORP, we can provide your organization with the scalable encryption and cryptography solutions needed to reinforce your network security and keep your organization’s data protected.