The past two years have been a particularly active time for cybercriminals. People across the world have seen the headlines featuring sliding banners covering digital attack after attack.
In particular, ransomware exploits have stolen the most recent coverage. While there’s no doubt these for-ransom attacks are absolutely newsworthy, there is another type of cybercrime that’s been becoming more notable and sophisticated: supply chain attacks.
Supply chain breaches are cyber attacks wherein a bad actor compromises a company through a third-party company that has access to their systems and data.
Let’s talk about why supply chain cyber attacks are gaining force in order to best prepare for and prevent a similar exploit against your company.
Why Are Supply Chain Attacks Increasing?
Businesses everywhere trust third-party solutions to make operations easier. From the reporting tools you use to quantify your metrics to the vendor who manages your cybersecurity needs, we all trust software solutions or service providers and share a certain level of access to our data with them.
Cybercriminals recognize this — and have been increasingly targeting suppliers in digital attacks, knowing they can gain access to a deep chain of associated companies with just one breach. By compromising the right supplier, a bad actor amplifies their reach, not only gaining access to their target’s data, but also the partner data they possess.
Deep, High-Profile Connections
Not only can cybercriminals access more companies than the single supplier they target, but they can also often gain access to higher-payout victims. While the bad actors may not be able to compromise the security defenses of these highly-protected organizations on their own, supply chain attacks mean they really don’t need to. Instead, cybercriminals only need to find a way in through an organization’s partner and capitalize on the trust that the company has in its current partners to launch secondary cyber attacks.
Cybercriminals continue to find new and creative ways to wipe their digital footprints and cover their attacks. Incident responders can often trace the indicator of compromise (IOC) of a supply chain attack and see the path the bad actors took to amplify their reach, but it can be hard to attribute the threat actor behind the breach.
While malicious code can be analyzed and reviewed for signs of technique based on previously investigated cyber attacks, sophisticated bad actors know how to throw investigators off track. For example, they may purposely simulate or add portions of code notoriously used by a nation-state in previous attacks to make investigators think it came from, say, Russia, however, this premeditated move was purposefully deceitful.
Some hackers go to even greater lengths to avoid detection as they move laterally through more and more networks. In one of the supply chain attack examples below, the SolarWinds Orion breach, bad actors logged in with stolen credentials via similar location-based IP addresses to avoid suspicion. Supply chain attacks are difficult to predict or trace when they are executed by those with excellent tradecraft.
Examples of Supply Chain Attacks
While there have been a number of supply chain attacks over the past two years, two stood out for their sophistication and craft more than the others:
In December 2020, SolarWinds Orion faced a large-scale supply chain attack that granted bad actors access to United States government agencies such as The White House, The Department of Justice, The Pentagon, and more. The CISA suspects that the cybercriminals breached SolarWinds through a brute-force password spraying attack, cracking login credentials that granted them access to their internal systems. Then, the threat actors stole the signing keys to their monitoring and management platform and modified an update to their product. This software update was automatically installed on all its customer’s devices that ran their product, planting malware on their networks.
From there, the bad actors moved laterally through the networks to install more backdoors that gained them deeper and deeper access. In the end, 18,000 organizations had malicious code in their network — 50 of them were victims of what they’d consider major breaches.
The supply chain attack on the software vendor, Kaseya, is considered by some to be “The Biggest Ransomware Attack on Record” for the severity and spread of the damage it caused at scale. Bad actors targeted the IT software’s business because they knew how many companies the managed service provider worked with — and that if they could get into Kaseya’s servers, they could access the proverbial motherload.
Of the 60 Kaseya clients that were significantly compromised, it’s projected a downstream of up to 1,500 businesses were affected. Read the full story of the Kaseya 2021 breach here.
Protecting Your Organization Against Supply Chain Attacks
Bad actors look for trusted vendors and leverage that access to compromise companies. In order to safeguard against these types of breaches, it’s crucial to understand the security measures of suppliers — not just your own.
This is just one way to build stronger defenses against supply chain exploits and cyber attacks alike. Download our 5-1/2 Easy Steps to Avoid Cyber Threats for more actionable advice today.