In December 2020, the SolarWinds supply chain attack was discovered. By exploiting open vulnerabilities in the SolarWinds® Orion® infrastructure monitoring platform, attackers distributed malware to every organization that used the software. This attack affected hundreds of companies, including Fortune 500 firms and many federal agencies, such as the Pentagon and the Treasury.
Every organization that relies on third-party vendors is at risk of such supply chain attacks. That’s why they must think seriously about supply chain security.
In a supply chain attack, a threat actor adds malicious code into a vendor’s trusted third-party software. By compromising the software at the source, the adversary can simultaneously attack all organizations that use that software – potentially hundreds or even thousands of them.
Supply chain attacks take advantage of trusted relationships between organizations and their vendors. Threat actors exploit these interconnections to corrupt a vendor’s asset, and the infrastructure of every company that uses the asset.
To protect themselves, organizations must be aware of the various risks that increase their vulnerability to supply chain attacks.
In 2018, cybercriminals stole the personal data of 143 million customers of Equifax, a U.S. credit reporting agency. To do so, they exploited an unaddressed flaw in Apache Struts, a third-party software used to create web applications.
Many companies now utilize external software to scale their business and reduce costs. However, these advantages also create considerable cybersecurity risk, and increase the user organization’s probability of a supply chain attack.
In late 2017, the large-scale “Paradise Papers” data hack was discovered. Of the 13.4 million sensitive files that were leaked, at least 6.8 million came from a single offshore legal services provider.
Today, many third parties have access to their customers’ systems and sensitive data. Whether malicious or inadvertent, any data leak makes their customer vulnerable to supply chain attacks from cybercriminals, malicious competitors, and even rogue nation-states.
By 2025, there will be 30.9 billion Internet of Things (IoT) devices in use. These “smart” devices are very attractive to threat actors looking to perpetrate large-scale supply chain attacks. Connected Heating, Ventilation and Air Conditioning (HVAC) systems create another possible threat pathway, as Target discovered in 2014.
Many suppliers and vendors send and receive massive quantities of corporate data to and from the cloud, increasing the risk of data leaks and supply chain attacks. Moreover, the use of APIs, weak passwords and multi-tenanted cloud services also puts at risk the cloud service provider’s entire supply chain, and by extension, their customers.
Since attackers can leverage multiple weak links in a supply chain to launch large-scale attacks, organizations must implement strategies to detect such attacks early.
Every company must understand its attack surface and security posture. For this, creating an asset inventory is vital. This information can help clarify the gaps in its supply chain, what kind of threats could affect it, and to what extent.
The security team must thoroughly vet every third party before their software (or hardware) is installed, and before they are given access to the organization’s systems or data.
Extra precautions must be taken to secure all devices and endpoints. Systems and data access must be carefully controlled and monitored, and any excess entry points must be mitigated.
Software or devices that are not authorized, approved or monitored by the IT team often create security loopholes that increase the probability of attacks. That’s why it’s critical to eliminate such “Shadow IT” practices.
All new software or updates must be tested in a test environment before full rollout. This can reveal open vulnerabilities, so the firm can take appropriate action to close them before an attack is realized.
Organizations must analyze every vendor’s security framework, including its controls and policies. To minimize risks, policies must be codified using a platform like Magalix. They should also hold the vendor accountable to security standards like PCI-DSS, CMM and SOC-2, and ask about the vendor’s data backup and disaster recovery plans.
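The two strategies above, an asset inventory of every third-party component and vendor policies that are codified rather than written in a document, can be illustrated together in working code. The following is an added example, not code from the article or from the Magalix platform (which uses its own policy language): it builds an inventory of vendor container images from constructed Kubernetes Deployment manifests and evaluates three constructed policies over it (trusted registry, digest pinning, no mutable `latest` tag). The registry names, image references and digests are invented sample data.

```python
"""Added example (not Magalix's code or policy language): build a third-party
asset inventory from Kubernetes workload manifests and evaluate codified
supply-chain policies against it. Manifests, registries, images and digests
below are constructed sample data, not real artifacts."""
from dataclasses import dataclass
from typing import Optional

# Constructed sample: two Deployment manifests as Python dicts (the shape a YAML
# loader would return), with vendor images referenced in several different ways.
SAMPLE_MANIFESTS = [
    {"kind": "Deployment", "metadata": {"name": "billing", "namespace": "prod"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "app", "image": "registry.example.internal/billing/app:2.4.1@sha256:" + "a" * 64},
         {"name": "db", "image": "docker.io/library/postgres:latest"},
     ]}}}},
    {"kind": "Deployment", "metadata": {"name": "monitor", "namespace": "prod"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "agent", "image": "vendor-mirror.example.internal/monitoring/agent:5.0"},
     ], "initContainers": [
         {"name": "init", "image": "ghcr.io/someone/init-tool@sha256:" + "b" * 64},
     ]}}}},
]


@dataclass
class Asset:
    """One third-party component in the inventory: which workload uses it and how it is referenced."""
    workload: str
    container: str
    registry: str
    repo: str
    tag: Optional[str]
    digest: Optional[str]


def parse_image(ref: str):
    """Split an image reference into (registry, repository, tag, digest).
    Follows the Docker convention: the first path component is a registry only if
    it contains '.' or ':' or is 'localhost'; otherwise docker.io is implied."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    tag = None
    name, _, last = ref.rpartition("/")  # a tag colon can only appear in the last component
    if ":" in last:
        last, tag = last.split(":", 1)
    path = f"{name}/{last}" if name else last
    first, sep, rest = path.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first, rest, tag, digest
    return "docker.io", path, tag, digest


def build_inventory(manifests) -> list:
    """Walk every pod template (init and regular containers) and record each image as an Asset."""
    assets = []
    for m in manifests:
        pod_spec = m["spec"]["template"]["spec"]
        workload = f'{m["metadata"]["namespace"]}/{m["metadata"]["name"]}'
        for c in pod_spec.get("initContainers", []) + pod_spec.get("containers", []):
            registry, repo, tag, digest = parse_image(c["image"])
            assets.append(Asset(workload, c["name"], registry, repo, tag, digest))
    return assets


# Codified policies: each returns a violation message, or None when the asset passes.
# The trusted-registry set is a constructed example value.
TRUSTED_REGISTRIES = {"registry.example.internal", "vendor-mirror.example.internal"}


def policy_trusted_registry(a: Asset):
    if a.registry not in TRUSTED_REGISTRIES:
        return f"image pulled from untrusted registry {a.registry}"
    return None


def policy_pinned_digest(a: Asset):
    if a.digest is None:
        return "image not pinned by digest (a tag can be re-pointed upstream)"
    return None


def policy_no_latest(a: Asset):
    if a.tag == "latest" or (a.tag is None and a.digest is None):
        return "mutable 'latest' tag in use"
    return None


POLICIES = [policy_trusted_registry, policy_pinned_digest, policy_no_latest]


def evaluate(assets):
    """Return (workload, container, policy name, message) for every policy an asset violates."""
    violations = []
    for a in assets:
        for p in POLICIES:
            msg = p(a)
            if msg:
                violations.append((a.workload, a.container, p.__name__, msg))
    return violations


if __name__ == "__main__":
    for v in evaluate(build_inventory(SAMPLE_MANIFESTS)):
        print(*v)
```

Running it over the sample data lists the `postgres:latest` database container as failing all three policies, the init container as coming from an untrusted registry even though it is digest-pinned, and the vendor agent as unpinned. The same inventory can be re-evaluated whenever a policy is added or a vendor's trust status changes, which is what codifying the policy buys over a written standard.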
Despite employing the best detection strategies, a supply chain attack may still happen. Here are some ways to mitigate them, and minimize the damage.
Implementing threat intelligence can prevent malware propagation, data exfiltration, and unauthorized access attempts before they cause too much damage. Adding vendor-identifiable information to threat intelligence enables the parent company to identify emerging threats or active attacks against a vendor, and initiate relevant countermeasures before a threat actor can move laterally across their network.
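As an added illustration of the paragraph above (not code from the article), the following correlates a threat-intelligence feed that carries vendor-identifiable tags with proxy and DNS log lines, so that indicator hits can be grouped by the vendor they were reported against and the affected hosts listed. The indicator values, vendor names and log lines are all constructed for the example and are not real indicators of compromise; the `.invalid` domains and documentation IP ranges are used deliberately.

```python
"""Added example (not from the original article): correlate a constructed
threat-intelligence feed carrying vendor-identifiable tags with constructed
proxy/DNS log lines. No real IoCs appear here; values are invented."""
import re
from collections import defaultdict

# Constructed indicator feed: value, kind, and the vendor/product the indicator
# was reported against (the "vendor-identifiable information" the text refers to).
INDICATORS = [
    {"value": "updates.vendor-a.invalid", "kind": "domain", "vendor": "Vendor A (monitoring agent)"},
    {"value": "203.0.113.25", "kind": "ip", "vendor": "Vendor A (monitoring agent)"},
    {"value": "cdn.vendor-b.invalid", "kind": "domain", "vendor": "Vendor B (billing SDK)"},
]

# Constructed log lines in a simple "timestamp host event value" format.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z host-17 dns updates.vendor-a.invalid
2024-05-01T10:00:02Z host-17 connect 203.0.113.25:443
2024-05-01T10:00:05Z host-03 dns intranet.example.internal
2024-05-01T10:01:10Z host-22 dns cdn.vendor-b.invalid
2024-05-01T10:01:11Z host-17 connect 198.51.100.9:443
this line is malformed and is skipped
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>\S+) (?P<value>\S+)$")


def index_indicators(indicators):
    """Map lower-cased indicator value -> list of (kind, vendor) for O(1) lookups."""
    idx = defaultdict(list)
    for i in indicators:
        idx[i["value"].lower()].append((i["kind"], i["vendor"]))
    return idx


def match_logs(log_text, indicators):
    """Return one alert (ts, host, event, indicator, vendor) per log line whose
    value matches an indicator. The port is stripped from IPv4 connect targets."""
    idx = index_indicators(indicators)
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed lines are ignored rather than crashing the pipeline
        value = m["value"].lower()
        if m["event"] == "connect":
            value = value.rsplit(":", 1)[0]  # "203.0.113.25:443" -> "203.0.113.25"
        for _kind, vendor in idx.get(value, []):
            alerts.append((m["ts"], m["host"], m["event"], value, vendor))
    return alerts


def alerts_by_vendor(alerts):
    """Group alerts by vendor so activity concentrated on one vendor stands out."""
    by_vendor = defaultdict(list)
    for a in alerts:
        by_vendor[a[4]].append(a)
    return dict(by_vendor)


def affected_hosts(alerts):
    """Sorted list of hosts with at least one hit, the starting point for containment."""
    return sorted({a[1] for a in alerts})


if __name__ == "__main__":
    hits = match_logs(SAMPLE_LOGS, INDICATORS)
    for vendor, items in alerts_by_vendor(hits).items():
        print(vendor, len(items), "hit(s)")
    print("affected hosts:", affected_hosts(hits))
```

With the sample data, both Vendor A indicators fire from the same host while the Vendor B indicator fires once elsewhere; grouping by vendor is what lets a team see that the Vendor A agent, not an individual host, is the common factor, and the affected-host list is what the incident response plan acts on.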
Vendors and customers must create incident response plans to notify the other if a compromise happens. The plan must clarify what immediate actions should be taken if the compromised asset belongs to the vendor, or if the vendor is the source of a data leak.
In case of a supply chain breach, intelligent business continuity systems can enable efficient and full recovery. These include local and cloud-based imaging backup solutions, and solutions to reinstate systems to a point prior to the breach.
Detection and response solutions enable security teams to identify good traffic, detect anomalous or suspicious traffic, and take quick action to investigate or address any threats. With predictive failure analyses, they can efficiently detect and respond to cyberattacks.
The Magalix Security-as-Code platform empowers organizations to strengthen their cloud-native supply chain with policies covering numerous app-building blocks, including common databases like MySQL and Postgres. Enforce policies as code, run resilient cloud-native infrastructure, and prevent security gaps or misconfigurations in your software supply chain with clear governance and guardrails.
The SolarWinds attack cost affected companies $12 million on average. The more recent attack on Kaseya affected 1500 companies. In the coming years, such attacks could increase, so every organization that works with third parties must implement robust detection and mitigation strategies to stay ahead of bad actors.