Supply chains encompass virtually every business in every industry. Built not just around the flow of goods and services, but the flow of information, supply chains exist wherever a transaction takes place, spanning each step from production to delivery. Given their interdependent nature, compromising a business supply chain can be a lucrative technique for cyber attackers, as one breach can be a potential way into multiple targets at once. And they’re becoming increasingly commonplace; supply chain cyber attacks rose by 42% in the first quarter of 2021 alone.
How do hackers target the supply chain?
Hackers take advantage of the trust between organizations up and down the supply chain; if an organization has a stronger cybersecurity posture, but one of its trusted partners doesn’t, malicious actors will find and target that partner. Establishing a foothold in this partner’s network can allow attackers to gain access to the more secure network.
More than half of supply chain attacks come from established advanced persistent threat (APT) actors, who are experienced in continually evolving and intensifying attack methods to avoid detection and reach new targets. And after supply chains across the world have been challenged with soaring demand, port congestion, and manufacturing delays throughout the past year, there’s a risk that systems will become even more fragile and susceptible to attack.
The software supply chain
The software supply chain in particular has seen a huge increase in attacks, experiencing 12,000 incidents in 2021 alone. It is especially vulnerable as software is rarely written from scratch, involving off-the-shelf components like third-party APIs, open-source components, and proprietary code. With 90% of all applications containing open-source code and 11% of these having known vulnerabilities, it’s clear that a single vulnerability can threaten countless organizations. And as code is reused, these vulnerabilities live on beyond the original software’s lifecycle.
In December 2021, vulnerabilities in Log4j, a popular open-source piece of code, allowed hackers to target systems running the software with malicious code, taking control of vulnerable devices and leaving many organizations, governments, and individuals exposed.
High-profile supply chain attacks
While software supply chain vulnerabilities have been surfacing for some time, recent attacks on prominent application providers have gained national attention. One such incident is the SolarWinds attack, which saw hackers target up to 18,000 customers of the networking tools vendor SolarWinds. The nation-state attackers injected malicious code into the company’s software build cycle, creating a backdoor to thousands of customers’ networks. Taking advantage of multiple supply chain layers, the attack resulted in major corporations like NASA, Microsoft, and the US Justice Department having their data exposed, costing cyber insurance companies up to $90 million.
And SolarWinds wasn’t the first supply chain attack to shake the security industry. The NotPetya attack in 2017 saw malware within compromised Ukrainian accounting software spread to various other countries via the supply chain. The incident disrupted corporations such as Maersk and FedEx, causing several days of operational downtime and more than $10 billion in damage.
Securing the supply chain
84% of security professionals believe that software supply chain attacks could become one of the biggest cyber threats to their business within the next three years. To mitigate the supply chain risks that are making organizations vulnerable to attack, organizations need visibility across any code dependencies within the applications they use, be it commercial, open-source, cloud, or mobile. They also need to be able to effectively prevent new and emerging threats from hitting their business by employing expert threat intelligence.
Centripetal’s CleanINTERNET service provides a fully-managed service that automatically shields malicious inbound and outbound traffic, as well as aggregating cyber threat intelligence from over 3,500 threat feeds to predict and detect emerging threats. The CleanINTERNET service includes a team of dedicated analysts that act as an extension of your security team, helping to bridge the cybersecurity skills gap. By creating a Zero Trust environment, CleanINTERNET shields your organization from 99% of threats known and mapped by the global threat intelligence community, including vulnerabilities like the Log4j incident. This way, you protect your customer data, your reputation, and your partner relationships.
Find out more about preventing supply chain cyber attacks by getting in touch with the Centripetal team
