Last updated on August 21st, 2021 at 07:19 pm
While they're quite rare, supply chain attacks are incredibly destructive because they inject malware into trusted software and sources.
While the large majority of breaches occur due to low tech hacking techniques, there is still plenty of room in the world for high tech attacks. One of the most dangerous types of hacking is when the software and companies you trust has been compromised. So what is a supply chain attack and how can you protect yourself?
What is a Supply Chain Attack?
A supply chain attack occurs when a legitimate source of a piece of software or hardware is compromised itself. In the case of SolarWinds, the backdoor code was planted into the source code of their Orion software.
This is incredibly dangerous because it means that customers downloading patches from SolarWinds’ own update servers received the trojanized version of the software and installed it on their own systems.
If you can’t trust the developer of the software you’re using, then who can you trust? This is what makes the supply chain attack so incredibly devastating.
Real World Examples of a Supply Chain Attack
In recent days, a massive breach occurred when software made by SolarWinds was distributed by the company after the code had already been compromised. While details are still pending, Russian technological fingerprints seem to be all over the attack and the software had been in use on countless government agencies and over 450 of Fortune 500 companies..
Supply chain attacks are much more rare than other types of hacking; they generally involve a high level of planning & funding. In addition to the current SolarWinds supply chain attack, here are a couple other examples from Wikipedia:
In 2017, a financial package known as M.E.Doc which is used in the Ukraine was infected with the NotPetya virus. The virus was placed within the core code of the software and then downloaded by their subscribers. The method of getting the virus into the core code is still unknown.
In 2018 the British Airways website contained code that harvested customer payment data that could later be used by malicious individuals.
The massive customer data breach experienced by Target back in 2014 was the result of a supply chain attack carried out against one of their HVAC providers. The software used to control the HVAC system had already been compromised and provided a gateway for hackers to enter Target’s point-of-sale systems.
Protecting Against Supply Chain Attacks
There’s no 100% way to protect against any intrusion, but there are steps that can be taken to avoid it and to detect it if it does happen.
Limit Reliance on 3rd Party Resources
One of the most effective ways to ensure you lessen your attack surface for any type of attack is to only install what you need. While lean-running small companies generally do this due to budget constraints, a lot of larger companies end up using a lot of nice-to-haves rather that simply the necessities.
A very simple example is the general practice of only using the WordPress plugins that you actually need on your website rather than installing all the ones that provide cool features that aren’t really necessary.
There’s a reason that most successful supply chain attacks are those that revolve around needed products. SolarWinds Orion is overkill and expensive for small businesses, but for larger businesses it’s almost a requirement to have it or some software like it in order for the IT Department to monitor and manage all of the company’s resources. Similarly, in Target’s case, HVAC systems are a necessity.
Baseline and Realtime Monitoring
Do you know what your systems look like when they were first installed? What were the average CPU rates on servers when you first got them up and running? Do you know what the normal amount of data leaving your network is?
These measurements are called baselines, and continuous monitoring of your systems compared to their baseline can be an indication that something is wrong.
Are your servers suddenly sending packets of data out to the Internet that they never used to send before? This could be an indication that your systems are exfiltrating your data to an adversary. Are some of your servers suddenly running at abnormally high CPU rates? This could be an indication that your CPU cycles are being stolen for crypto mining malware.
It goes without saying that the most recent SolarWinds hack is so dangerous because the product which was hacked in the supply chain was one designed for monitoring just this type of activity!
Dedication to Cyber Security
Ultimately, in many cases, protection against intrusion requires consistent vigilance and a dedication to cyber security. The entire organization should be responsible for properly vetting 3rd party resources and keeping up to date with the latest security news.
Most large infrastructure providers release regular security bulletins that you should subscribe to and never get in the habit of ignoring as they contain critical information about the systems you already have running in your environment.
There’s no avoiding the fact that it takes time and resources to do this, and that may be a challenge for many companies which haven’t properly budgeted for the expense and maintenance of their information infrastructure. These companies will choose to either adjust their budgets, or operate at risk.
In this post, we talked about what is a supply chain attack and illustrated some real-world examples of successful attacks carried out by malicious hackers. We also talked about avoiding & detecting supply chain attacks, and recovering from them.
No business or organization is completely protected from the supply chain attack or any other hacking attempts for that matter. In the global game of digital warfare, the best one can do is remain vigilant and keep the odds in their favor by making it as hard for the bad guys as possible.