Overview
In December 2020, the SolarWinds supply chain attack was discovered. By exploiting open vulnerabilities in the SolarWinds® Orion® infrastructure monitoring platform, attackers distributed malware to every organization that used the software. This attack affected hundreds of companies, including Fortune 500 firms and many federal agencies, such as the Pentagon and the Treasury.
Every organization that relies on third-party vendors is at risk of such supply chain attacks. That’s why they must think seriously about supply chain security.
What is a Supply Chain Attack?
In a supply chain attack, a threat actor adds malicious code into a vendor’s trusted third-party software. By compromising the software at the source, the adversary can simultaneously attack all organizations that use that software – potentially hundreds or even thousands of them.
Supply chain attacks take advantage of trusted relationships between organizations and their vendors. Threat actors exploit these interconnections to corrupt a vendor’s asset, and the infrastructure of every company that uses the asset.
Risks that May Lead to a Supply Chain Attack
To protect themselves, organizations must be aware of the various risks that increase their vulnerability to supply chain attacks.
1- Use of Third-Party Software
In 2018, cybercriminals stole the personal data of 143 million customers of Equifax, a U.S. credit reporting agency. To do so, they exploited an unaddressed flaw in Apache Struts, a third-party software used to create web applications.
Many companies now utilize external software to scale their business and reduce costs. However, these advantages also create considerable cybersecurity risk, and increase the user organization’s probability of a supply chain attack.
2- Data Leaks
In late 2017, the large-scale “Paradise Papers” data hack was discovered. Of the 13.4 million sensitive files that were leaked, at least 6.8 million came from a single offshore legal services provider.
Today, many third parties have access to their customers’ systems and sensitive data. Whether malicious or inadvertent, any data leak makes their customer vulnerable to supply chain attacks from cybercriminals, malicious competitors, and even rogue nation-states.
3- Connected Devices
By 2025, there will be 30.9 billion Internet of Things (IoT) devices in use. These “smart” devices are very attractive to threat actors looking to perpetrate large-scale supply chain attacks. Connected Heating, Ventilation and Air Conditioning (HVAC) systems create another possible threat pathway, as Target discovered in 2014.
4- Cloud Services
Many suppliers and vendors send and receive massive quantities of corporate data to and from the cloud, increasing the risk of data leaks and supply chain attacks. Moreover, the use of APIs, weak passwords and multi-tenanted cloud services also risk the cloud service provider’s entire supply chain, and by extension, their customers.
Supply Chain Attacks: Detection and Prevention Strategies
Since attackers can leverage multiple weak links in a supply chain to launch large-scale attacks; organizations must implement strategies to detect such attacks early.
1- Understand Threats to Existing Assets
Every company must understand its attack surface and security posture. For this, creating an asset inventory is vital. This information can help clarify the gaps in its supply chain, what kind of threats could affect it, and to what extent.
2- Vet All Third-Party Vendors
The security team must thoroughly vet every third party before their software (or hardware) is installed, and before they are given access to the organization’s systems or data.
3- Secure Devices and Data
Extra precautions must be taken to secure all devices and endpoints. Systems and data access must be carefully controlled and monitored, and any excess entry points must be mitigated.
4- Control Shadow IT
Software or devices that are not authorized, approved or monitored by the IT team often create security loopholes that increase the probability of attacks. That’s why it’s critical to eliminate such “Shadow IT” practices.
5- Test New Software and Updates
All new software or updates must be tested in a test environment before full rollout. This can reveal open vulnerabilities, so the firm can take appropriate action to close them before an attack is realized.
6- Insist on Strong Security Measures and Codified Policies
Organizations must analyze every vendor’s security framework, including its controls and policies. To minimize risks, policies must be codified using a platform like Magalix. They should also hold the vendor accountable to security standards like PCI-DSS, CMM and SOC-2, and ask about the vendor’s data backup and disaster recovery plans.
Supply Chain Attacks: Mitigation Strategies
Despite employing the best detection strategies, a supply chain attack may still happen. Here are some ways to mitigate them, and minimize the damage.
1- Deploy Threat Intelligence
Implementing threat intelligence can prevent malware propagation, data exfiltration, and unauthorized access attempts before they cause too much damage. Adding vendor-identifiable information to threat intelligence enables the parent company to identify emerging threats or active attacks against a vendor, and initiate relevant countermeasures before a threat actor can move laterally across their network.
2- Create Incident Response Plans
Vendors and customers must create incident response plans to notify the other if a compromise happens. The plan must clarify what immediate actions should be taken if the compromised asset belongs to the vendor, or if the vendor is the source of a data leak.
3- Deploy Intelligent Business Continuity Systems
In case of a supply chain breach, intelligent business continuity systems can enable efficient and full recovery. These include local and cloud-based imaging backup solutions, and solutions to reinstate systems to a point prior to the breach.
4- Implement Detection and Response Systems
Detection and response solutions enable security teams to identify good traffic, detect anomalous or suspicious traffic, and take quick action to investigate or address any threats. With predictive failure analyses, they can efficiently detect and respond to cyberattacks.
How Magalix Can Help?
Magalix Security-as-Code platform empowers organizations to strengthen their cloud-native supply chain with policies covering numerous app-building blocks, including common DBs like MSQL and Postgres. Enforce policies at code, run resilient cloud-native infrastructure, and prevent security gaps or misconfigurations in your software supply chain with clear governance and guardrails.
Conclusion
The SolarWinds attack cost affected companies $12 million on average. The more recent attack on Kaseya affected 1500 companies. In the coming years, such attacks could increase, so every organization that works with third parties must implement robust detection and mitigation strategies to stay ahead of bad actors.
back
6 mins read
Comments and Responses