Supply chain attacks have been a source of concern for cybersecurity specialists for many years. As the name suggests, a supply chain attack focuses on software providers and vendors rather than targeting a specific company across the network perimeter or through phishing and social engineering of employees. By replacing trusted software with a malicious version, the adversary infects multiple organizations at once.
These attacks are becoming increasingly prevalent. In the last quarter of 2020, there were just 19 supply chain assaults. In the following quarter, the number increased to 27. In the first quarter of 2021, 137 different groups and a total of seven million individuals were affected by these occurrences.
Researchers discovered that recognized advanced persistent threat (APT) actors were responsible for more than 50% of recent supply chain attacks. Cybercriminals used supplier trust in 62% of studied attacks to gain access to crucial access points.
With almost 18,000 companies hit by the SolarWinds attack alone, the majority of respondents (64%) have been impacted by a software supply chain attack in the previous year.
Do we all recall the historical SolarWinds strike? Let’s go through it again.
SolarWinds was one of the most massive nation-state supply chain strikes we’ve ever seen. Thousands of worldwide institutions were impacted by the breach, including US federal agencies, the Treasury Department, and the Pentagon. The hack impacted the majority of Fortune 500 corporations as well.
According to the SolarWinds Security warning, SolarWinds Orion was first targeted via two vulnerabilities.
SUNBURST was introduced into the SolarWinds Orion Platform, versions 2019.4 HF 5, 2020.2 unpatched, and 2020.2 HF 1. When it was exploited, the flaw allowed attackers to take control of the Orion Platform server.
SUNSPOT and TEARDROP malware were the additional components of the SUNBURST attack mechanism.
SUPERNOVA malware was transmitted through a vulnerability in the Orion product.
Additional SolarWinds Vulnerabilities (Discovered After the Attack)
After the initial SolarWinds attack, researchers discovered additional vulnerabilities in the Orion Platform.
They are:
The SolarWinds attack was an unforgettable example of a supply-chain attack. But it was not a one-of-a-kind strike; similar attacks have been around for a long time.
In 2021, supply chain attacks got off to a good start.
In this attack, hackers obtained access to a certificate used by the vendor to authenticate its services on Microsoft 365 Exchange Web Services.
SITA, a supplier of IT systems to 90% of the world’s aviation sector, was exploited in a multinational supply chain attack.
It was an attack against a software testing company, reported in April 2021. Hackers were able to take advantage of a Docker image-building process that had inadequate security.
The Fujitsu supply-chain attack targeted Japanese government agencies. Fujitsu software was used to get into the agencies’ network and steal data.
In this supply chain attack on the Myanmar presidential office website, a threat actor inserted malware into a localized Myanmar font bundle available for download on the site’s home page.
In July 2021, a ransomware supply chain breach affected about 50 MSPs. The REvil ransomware attack propagated through MSPs and affected between 800 and 1,500 companies worldwide.
Supply chain attacks are becoming more frequent, but they are also becoming more targeted and smart, from the Stuxnet attack to the recent SolarWinds SUNBURST backdoor trojan attack in 2020. These attacks are quite dangerous, as they have resulted in significant losses, setbacks for the victims, and reputational damage.
Over half of all cyberattacks aim to reach their final targets through third parties. To reduce the possibilities of a supply chain attack, you should constantly evaluate and renew the policies of organizations and vendors. Increasing supply chain visibility, building a trustworthy connection with third-party partners, and implementing all essential cybersecurity updates can all help your company reduce supply chain risks.