All You Need To Know About Supply Chain Attacks

Overview

Supply chain attacks have been a source of concern for cybersecurity specialists for many years. As the name suggests, a supply chain attack focuses on software providers and vendors rather than targeting a specific company across the network perimeter or through phishing and social engineering of employees. By replacing trusted software with a malicious one, the adversary infects multiple organizations at once.

These attacks are becoming increasingly prevalent. In the last quarter of 2020, there were just 19 supply chain assaults. In the following quarter, the number of attacks increased to 27 attacks. In the first quarter of 2021, 137 different groups and a total of seven million individuals were affected by these occurrences.

Facts

Researchers discovered that recognized advanced persistent threat (APT) actors were responsible for more than 50% of recent supply chain attacks.  Cybercriminals used supplier trust in 62% of studied attacks to gain access to crucial access points. 

• Data was the focus of 20% of supply chain attacks.
• Internal processes of suppliers were targeted by 12% of attackers.
• 16% of attacks targeted people.
• Attacks on financial assets accounted for 8% of all attacks.
• Threat actors used malicious code in more than 60% of attacks.

The Most Common Supply Chain Threat Vectors

• Third-Party Software Providers
• Data Storage Solutions
• Development Or Testing Platforms
• Website Building Services.

Organizations Impacted By Supply Chain Attacks

With almost 18,000 companies were hit by the SolarWinds attack alone, the majority of respondents (64%) have been impacted by a software supply chain attack in the previous year.

Do we all recall the historical SolarWinds strike? Let’s go through it again.

SolarWind Attack

SolarWinds was one of the most massive nation-state supply chain strikes we’ve ever seen. Thousands of worldwide institutions were impacted by the breach, including US federal agencies, the Treasury Department, and the Pentagon. The hack impacted the majority of Fortune 500 corporations as well.

Vulnerabilities in SolarWind’s Orion 

According to the SolarWinds Security warning, SolarWinds Orion was first targeted via two vulnerabilities.

• SUNBURST

SUNBURST was introduced into the SolarWinds Orion Platform, versions 2019.4 HF 5, 2020.2 unpatched, and 2020.2 HF 1. When it was exploited, the flaw allow attackers to take control of the Orion Platform server.
SUNSPOT and TEARDROP malware were the additional components of the SUNBURST attack mechanism.

• SUPERNOVA

SUPERNOVA malware was transmitted through a vulnerability in the Orion product.
Additional SolarWinds Vulnerabilities (Discovered After the Attack)
After the initial SolarWind attack, researchers have discovered additional vulnerabilities in the Orion Platform.
They are:

• CVE-2021-25275
• CVE-2021-25274
• CVE-2021-25276

Timeline

SolarWind attack was one of the unforgettable an example of a supply-chain attack. But it was not a one-of-a-kind strike; similar attacks have been around for a long time.

Notable 2021 Supply Chain Attacks

In 2021, supply chain attacks get off to a good start. 

• Mimecast, Jan 2021 

In this attack, hackers obtained access to a certificate used by the vendor to authenticate its services on Microsoft 365 Exchange Web Services. 

• SITA, Mar 2021 

SITA, a supplier of IT systems to 90% of the world’s aviation sector, was exploited in a multinational supply chain attack.

• Codecov, April 2021 

It was an attack against a software testing company, reported in April 2021. Hackers were able to take advantage of a Docker image-building process that had inadequate security.

• Fujitsu, May 2021

Fujitsu Supply-Chain Attack targeted Japanese Government Agencies. It was Fujitsu software that was utilized to get into the agencies’ network and steal data.

• Mayanmar, June 2021 

This supply chain attack targeted the Myanmar presidential office website, in which a threat actor inserted malware into a localized Myanmar font bundle accessible for download on the site’s home page.

• Kaseya, July 2021 

In July 2021, a ransomware supply chain breach affected about 50 MSPs. The REvil ransomware attack propagated through MSPs and affected between 800 and 1,500 companies worldwide.

Best Practices for Supply Chain Security

• In terms of the supply chain, the most essential step is to document all maintenance, particularly software upgrades. Software testing results, such as those obtained through the use of a sandbox, should be preserved for subsequent analysis or forensics. For this, a core protection framework should be put in place.
• Privileged accounts are the only ones with access to sensitive information. Sensitive data access is attempted when a privileged account is discovered. As a result, the security of Privileged Access Management (PAM) is important.
• Penetration testing and vulnerability scanning should be performed on a regular basis to discover possible supply chain security flaws. You could then block down any potential compromise routes from there.
• A proven, enterprise-grade security solution is required for detecting and stopping sophisticated targeted attacks. Organizations must understand who their software and hardware providers are, evaluate them, and hold them accountable to specific criteria
• Minimize access to sensitive data. It will assist you in keeping track of all of the workers and vendors that have access to your sensitive data.
• Send regular third-party risk assessments. Third-party risk evaluations reveal each vendor’s security posture as well as any critical flaws that need to be addressed.
• Identify and safeguard vulnerable resources as well as potential insider threats.
• Monitor the vulnerabilities in the vendor network and data breaches regularly.
• The organization should identify any dependencies that certain supply chain components have on the delivery of key services to the enterprise.
• Organizations can establish a functioning front line of defense by adopting an “always verify, never trust” strategy. Even familiar programs and services must undergo authentication tests before getting network access under zero trust.

In a nutshell, 

Supply chain attacks are becoming more frequent, but they are also becoming more targeted and smart. From the Stuxnet attack to the recent SolarWinds SUNBURST backdoor trojan attack in 2020. These attacks are quite dangerous as they have resulted in significant losses, setbacks for the victims, and reputational damage.

Over half of all cyberattacks aim to reach their final targets through third parties. To reduce the possibilities of a supply chain attack, you should constantly evaluate and renew the policies of organizations and vendors. Increasing supply chain visibility, building a trustworthy connection with third-party partners, and implementing all essential cybersecurity updates may all assist your company to reduce supply chain risks.