Talk to an Expert
Search
Close this search box.
Talk to an Expert

Supply chain attack

How to protect against, or recover from, supply chain attacks

There will be 4x more supply chain attacks in 2021*

Supply chain attacks are commonly overlooked cyberattacks, but they can cause disastrous damage given enough time. Supply chain attacks target vendors and suppliers instead of directly targeting a specific business, making them harder to detect and prevent if your vendors aren’t maintaining strict cybersecurity policies and using the best tools. 

In this guide, we’ll look closer at what a supply chain attack is, how to detect it, and how to prevent your business from becoming the next victim of a supply chain cyberattack.

*Source: The European Union Agency for Cybersecurity

How supply chain attacks work

Supply chain attacks are frightening because of how undetectable they may be. here’s how it works:

  1. Attackers hunt for unsecure network protocols, unprotected server infrastructures, and unsafe coding practices, usually from from trusted vendors.
  2. They then break in and change the code, hiding their malware in build and update processes.
  3. These apps and updates are then signed and certified, with the software vendor unaware that their app or update has been infected with malicious code, unwittingly releasing this infected product to the public.
  4. The malicious code then infiltrates user systems with ease, as it runs with the same trust and permissions as the uninfected app would.

The number of victims can be quite significant, especially when popular apps are targeted. For example, one case saw a free file compression app poisoned and deployed to customers in a country where it was the top utility app.

The toll on businesses

Supply chain attacks can occur at all stages of the ICT supply chain lifecycle.

There are many notable examples of incidents at all points in the ICT lifecycle. Here are a few that took place in recent times:

  • Design

Hijacked Cellular Devices 2016 – A foreign company designed software used by a U.S. cell phone manufacturer. The phones made encrypted records of text and call histories, phone details, and contact information and transmitted that data to a foreign server every 72 hours.

  • Development & Production

SolarWinds 2020 – An IT management company was infiltrated by a foreign threat actor who maintained persistence in its network for months. The threat actor left the network only after it had compromised the company’s build servers and used its update process to infiltrate customer networks.

  • Distribution

End-User Device Malware 2012 – Researchers from a major U.S. software company investigating counterfeit software found malware preinstalled on 20 percent of devices they tested. The malware was installed in new desktop and laptop computers after they were shipped from a factory to a distributor, transporter, or reseller.

  • Acquisition & Deployment

Kaspersky Antivirus 2017 – An overseas-based antivirus vendor was being used by a foreign intelligence service for spying. U.S. government customers were directed to remove the vendor’s products from networks and disallowed from acquiring future products from that vendor.

  • Maintenance

Backdoors Embedded in Routine Maintenance Updates 2020 – Thousands of public and private networks were infiltrated when a threat actor used a routine update to deliver a malicious backdoor.

  • Disposal

Sensitive Data Spillage 2019 – A researcher bought old computers, flash drives, phones and hard drives, and found only two properly wiped devices out of 85 examined. Also found were hundreds of instances of personally identifiable information (PII) spillage, including Social Security numbers, passport numbers, and credit card numbers.

If you’d like to learn more about how the ICT Supply Chain Lifecycle can be compromised, see this factsheet.

0
%
YoY increase in SSC attacks

Source

$
0
mil
The average cost of an attack
0
%
of breach victims are small businesses

THE THREAT LANDSCAPE

Types of supply chain attacks how to prevent them

Types of supply chain attacks include:

  • Compromised software building tools or updated infrastructure.
  • Stolen code-sign certificates or signed malicious apps using the identity of dev company.
  • Pre-installed malware on devices (cameras, USB, phones, etc.).
  • Compromised specialised code shipped into hardware or firmware components.

Your CTO or IT teams can protect against supply chain attacks by:

  • Using endpoint detection and response solutions that can automatically detect and remediate suspicious activities.
  • Deploying strong code integrity policies to allow only authorized apps to run.

Software vendors and developers can protect against attacks by:

  • Maintaining a highly secure build and update infrastructure.
  • Developing an incident response process for supply chain attacks.
  • Building secure software updaters as part of the software development lifecycle.

Source

ACTION PLAN

Our advice and recommendations

Map your system, especially your most critical relationships, and use a third-party tracker to find the weakest links in your supply chain.

Scrutinise your software vendors against the performance standards you expect. Software and applications that your company uses should undergo the same level of scrutiny and testing that your network devices and users do. After a fuller accounting of your third-party and supply chain risks, identify ways to simplify your business relationships and supply chain. Should you pare down? Combine?

The latest on Supply Chain Attack

Gridware is proud to be a thought-leader in cybersecurity, creating and leading conversations in this space. Check out a selection of our published work from our Sydney based Cyber Defence Centre (CDC), and learn how our cyber expertise has led to partnerships with leading Australian Universities.

Cybersecurity Latest

US Ban on Chinese Cars Raises Cybersecurity Concerns as Aussies Embrace BYD and MG

Cybersecurity Latest

Gridware CEO Speaks to Al Jazeera as CrowdStrike Issues Root Cause of Major IT Outage

Cybersecurity Latest

Investigation Underway for Major Data Breach Impacting Over 1 Million NSW Club Customers

Cybersecurity Latest

US Ban on Chinese Cars Raises Cybersecurity Concerns as Aussies Embrace BYD and MG

Cybersecurity Latest

Gridware CEO Speaks to Al Jazeera as CrowdStrike Issues Root Cause of Major IT Outage

Cybersecurity Latest

Investigation Underway for Major Data Breach Impacting Over 1 Million NSW Club Customers

How Gridware can help

Security Assessments

As a provider of CREST-approved penetration testing as well as vulnerability assessment, social engineering and red teaming services, Redscan’s ethical hacking team has extensive experience of assessing organisations’ technology, personnel and processes against the latest attack techniques and helping organisations to address them.

Threat Detection

Detecting a supply chain attack quickly is the key to ensuring the damage isn’t irreversible. Firewalls and antivirus software are not enough to protect you against the latest threats. Our certified security professionals employ cutting-edge threat intelligence to hunt for malware and other cyber threats and help quickly shut them down.

Training & Awareness

Your users are your last line of defense. Educate them about the latest email threats, and ensure they understand their fraudulent nature and know how to report them to your security teams. Barracuda security awareness training and phishing simulation provides all necessary tools to train your users to recognize and report phishing emails, which will prevent email fraud and data loss.

Protect your data

If threat actors take control of your data, there’s no need to pay a ransom or go through a difficult and tedious recovery process — if you have a strong, modern, easy-to-use backup solution. We offer superior backup solutions — on-premises or in the cloud — that make it simple and fast to restore an up-to-date copy of any file, whether you’re restoring an entire server or specifically selecting files to restore.

Get in touch today

Our team is ready to answer your queries. Contact us now.

Site Navigation

Contact

Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235

Incident Response

Penetration Testing

Governance & Audit

Company

About Gridware

Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Careers

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media

Media appearances and contributions by Gridware and our staff.

See More →

Services

Services

Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Featured Categories

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

View All Services

Products

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl
360

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution

Solutions

By Industry

By Regulation

By Threats

Resources

Resources

A collection of our published insights, whitepapers, customer success stories and more.

Subscribe to Cyber Insights

Published Insights

Cybersecurity Latest

Success Stories

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →

Contact Us