Understanding Supply Chain Attacks
Recent headlines have spotlighted a disturbing new information security threat: supply chain attacks. Unlike more well-known types of cyber threats like phishing, ransomware, and Business Email Compromise (BEC), supply chain attacks have a method all their own: attacking businesses indirectly through their vendors, suppliers, and managed service providers.
ENISA, the European Union Cybersecurity Agency, reports that supply chain attacks may increase four-fold through the remainder of 2021. In addition, cybercriminals are developing sophisticated techniques for attacking targets, requiring that victims find new ways to defend against these threats.
Today we’ll delve into what supply chain attacks are, different types of supply chain attacks, and best practices to protect your business from being victimized by supply chain fraud.
What Is a Supply Chain Attack?
Supply chain attacks occur when a cybercriminal gains access to your data or network through a trusted vendor, partner, or application that has access to your system. Vendor email compromise is a form of supply chain attack (which is also known as supply chain fraud).
This “back door” method of entry can be challenging to detect and trace, leaving many businesses nervous about just how secure their critical data is. In addition, smaller companies may be more at risk due to suboptimal security protocols.
As companies invest in more tools to defend against cyber threats of all kinds, hackers are staying one step ahead. Tools and resources to crack systems are more accessible than ever for threat actors, and supply chain fraud has become an effective and lucrative way to target not just one but hundreds or thousands of targets at once.
Targeting software developers and suppliers has become the path of least resistance for instituting a supply chain hack. When hackers have access to software updates, source codes, or build processes, they can infect legitimate apps with malware, thereby creating a never-ending chain of attack surfaces.
Common types of supply chain attacks include:
- Vendor email compromise
- Third-party software updates
- Application installers
- Pre-installed malware on connected devices
- Compromised code placed into firmware or hardware components
How Does Supply Chain Fraud Work?
While not necessarily easy to implement, the process of supply chain fraud is genius in its simplicity.
Phase 1: Planting
Attackers hunt for unprotected networks, server infrastructures, and unsafe coding techniques. They break in, change source codes, and hide malware in build and update processes.
Phase 2: Lying in Wait
Even legitimate software developers and vendors are usually unaware that their apps are infected with malware when they release updates to the public. The hidden malicious code then runs with the same trust and permissions as the app, since the updates and apps are certified.
Phase 3: Payoff
The malware is then unwittingly spread through the entire supply chain, enabling hackers to infiltrate additional networks to attain email addresses, login credentials, and other forms of PII (personally identifiable information). This sensitive data allows them to double down on additional cyberattacks like ransomware, BEC, and spear phishing.
3 Real-World Supply Chain Attacks
You may be familiar with some highly publicized supply chain attacks in recent years. But while supply chain fraud is surging in popularity and scale, this type of fraud is not new.
A hacking group directed by Russian intelligence service SVR gained access to software developer SolarWinds’ production environment. It then embedded a backdoor in SolarWinds’ Orion network monitoring product, which caused data breaches for SolarWinds customers running their software updates.
- Impact: 100 companies and roughly a dozen government agencies were compromised, including Microsoft, Intel, Cisco, the U.S. Treasury, Justice and Energy departments, and the Pentagon.
British Airways, 2018
British Airways suffered a highly targeted supply chain attack that resulted in the theft of customers’ personal and financial data.
- Impact: 380,000 transactions on British Airways, Ticketmaster, Newegg, and Cancer Research UK websites were compromised.
Attackers used stolen credentials from Target’s HVAC services vendor to access Target’s network, which enabled them to steal customers’ stored payment information.
- Result: Theft of 70 million customers’ PII.
Best Practices for Mitigating Supply Chain Attacks
What’s the best way to lessen the likelihood of being victimized by supply chain fraud? Follow these four best practices.
1. Implement the Principle of Least Privilege
Excessive permissions make supply chain attacks easier to execute. Instituting the principle of least privilege ensures that the minimum number of people in your organization access your company’s critical data. Access to sensitive information should be granted on a “need to know” basis.
2. Perform Network Segmentation
Like the principle of least privilege, entities outside your organization do not need access to all the sensitive information in your network. Network segmentation breaks your system into zones based on necessary business functions. If a supply chain attack compromises part of your network, the rest of the network remains protected.
3. Adhere to Cybersecurity Best Practices
In case you needed another reminder, cybersecurity best practices are a crucial part of your overall security strategy. These include:
- Monitoring your network for external vendor access
- Practicing regular patch management
- Keeping a current asset inventory system
- Maintain strong password policies
- Allow only authorized apps to be installed
4. Use Email Security Software
Last but certainly not least, effective email security software is worth its (figurative) weight in gold. Not only does it spot suspicious emails and activity, but it can remediate cyberthreats exponentially faster — and more accurately — than humans can.
Guard Against Supply Chain Attacks With Armorblox
Is your organization prepared for a supply chain attack?
Armorblox’s advanced algorithms analyze thousands of signals across identity, language, and behavior to protect your human layer from compromise. In addition, our NLU (Natural Language Understanding) models detect PII, PCI, and passwords shared with unauthorized recipients, giving you an accurate snapshot of your organization’s data exposure risk.
Armorblox provides specific protection against third-party attacks like vendor email fraud. Every detected vendor fraud email contains insights like the vendor's risk score (ascertained across our 56,000 customers), communication history, and people the vendor commonly communicates with within the organization.
Security teams also have access to a vendor dashboard that highlights all the vendors an organization communicates with, their risk scores, any potential compromise actions, and other behavioral anomalies (e.g. changed invoice/banking details).