According to Microsoft, the goal of a supply chain attack is to ‘source codes, build processes, or update mechanisms by infecting legitimate apps to distribute malware.’ Supply chain attacks ‘begin with an advanced persistent threat that determines a member of the supply network with the weakest cyber security in order to affect the target organization.’ (CERT-UK report ‘Cyber-security risks in the supply chain’).
Advanced persistent threats (APT’S) are ‘a multiphase, and long-term network attack in which unauthorized users gain access to, and harvest, valuable enterprise data.’ (IBM)
Most often, smaller businesses are the initial targets of these attacks. But these smaller business often provide products and/or services to larger corporations, which then become infected. So, while a small technology company with less than 30 employees may be the initial gateway, anything up to a Fortune 500 business can be impacted.
Take aviation giant, British Airways, for instance. In August 2018, malicious code on the BA website and app was placed to extract customer credit card details and other personal data of over 400,000 customers. While BA was the target, it is likely that third-party suppliers were the original issue here, as ‘third parties may supply code to run payment authorisation, present ads or allow users to log into external services.’ reported the BBC shortly after the attack. The company was fined £20m by the Information Commissioner’s Office (ICO), and new measures with regards to authentication and third-party protocols were put in place.
This incident is one of many. ‘In terms of scale and sophistication, the attack against SolarWinds, in which the highest levels of government were compromised, was unlike an attack seen before. The far-reaching impacts are still being identified today. It is the unpredictability of the attack that was/is the greatest cause for concern, and how attacks like this will influence business and infrastructure in the future. That is why it is important to prepare and safeguard systems as much as possible now, before the damage is done.’- Eleanor Barlow, SecurityHQ
How to Mitigate a Supply Chain Attack
To reduce the chance of becoming a victim of a supply chain attack, implement the right services to detect and respond rapidly, now.
For full visibility of threats targeting you, ensure that you have Managed Extended Detection & Response (XDR) in place.
If you are concerned about the impact of a breach, contact a security expert for advice.
Or, if you think you have been breached, report an incident here.
