Supply Chain Attacks: How Cyber Criminals Exploit Trust Between Companies

With a 650 percent increase in attacks on supply chains, a least-privilege access policy, network segmentation, DevSecOps practices, and automated threat defense have become the cornerstones of an organization's security.
Lothar Geuenich, Regional Director Central Europe/DACH at Check Point

In recent years, the supply chain has become one of the main targets of cyber criminals. A major driver was the change in working practices brought about by the pandemic measures: remote work and cloud use grew rapidly, while many companies were not well prepared for either. Security teams were left overwhelmed and unable to keep up with the threats. According to our Security Report 2022, the number of attacks on the supply chain in 2021 increased by 650 percent compared to the previous year. A high-profile example is the SolarWinds attack, in which the attackers gained access to SolarWinds' build environment and planted a backdoor in updates for the Orion network monitoring product. Customers who installed the malicious update then suffered data theft and other compromises. Another example is the REvil ransomware gang's abuse of Kaseya, whose remote management software is used by managed service providers (MSPs). Through the compromised MSPs, the criminals were able to infect more than 1,000 organizations with ransomware, and went so far as to demand a $70 million ransom for a universal decryptor covering all affected victims.

But how does an attack via the supply chain work? It exploits the trust relationships between organizations: every company necessarily places a degree of trust in the vendors whose software it installs and runs on its network and in the suppliers it works with. The threat therefore targets the weakest link in a chain of trust. If a company has strong IT defenses but relies on a trusted yet poorly secured supplier, attackers will target the supplier instead. Once they have a foothold in the supplier's network, they can use its connection to penetrate the better-protected network of the actual target. Supply chain attacks often focus on managed service providers (MSPs) because MSPs hold broad, privileged access to their customers' networks. That access lets attackers reach areas that would be far harder to get to directly, and from there every kind of attack is open to them: data misuse, data theft, espionage or ransomware. The SolarWinds hack, for example, exposed sensitive data from numerous public and private organizations. Malware delivery is a second pattern to consider. Attackers often use the supply chain as a channel to smuggle malware into the target company: the SolarWinds backdoor was shipped inside legitimate-looking Orion updates, and the Kaseya compromise was used to push ransomware.

Despite the danger posed by these attacks, there are measures a company can take to protect itself. First: implement a least-privilege policy. Many companies grant their employees, partners and software far more access rights and permissions than they need, which makes supply chain attacks much easier. It is therefore essential to introduce a least-privilege policy and give each employee, and each piece of software, only the permissions required for its task. Second: segment the network. Software from third-party providers and partners does not require unrestricted access to every corner of the corporate network.

To limit the damage, the network should be divided by segmentation into zones that follow the organization's business functions. If a supply chain attack then compromises one part of the network, the attacker is confined to that segment and the rest of the network remains protected. Third: apply DevSecOps practices. Building security into the development and release pipeline (hardened build systems, signed and reproducible builds, integrity checks on every artifact before it is released and again before it is installed) makes it possible to detect when software such as the Orion updates has been tampered with on its way to the customer. The SolarWinds case also shows where the bar lies: the backdoor was inserted during the vendor's own build process and shipped with a valid signature, so the build environment itself has to be protected and monitored as a high-value target. Fourth: introduce automated threat defense. The analysts in a security operations center (SOC) must be able to detect and contain attacks across every enterprise environment, including endpoints, cloud workloads and mobile devices, and automation is what lets them keep up with the volume.
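The customer-side integrity check described under the third measure, written out as an added example (this is illustrative code, not Check Point's, SolarWinds' or Kaseya's, and the vendor key, manifest format and sample artifacts are all constructed for the demonstration): the vendor's release pipeline signs a manifest of artifact digests with an Ed25519 key, and the customer refuses to install any update whose manifest signature or file digest does not check out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// Manifest maps an artifact name to the hex SHA-256 digest the vendor built.
// (Assumed format for this example; real vendors publish their own.)
type Manifest map[string]string

// Encode serialises the manifest deterministically (sorted by name) so the
// bytes the vendor signs are exactly the bytes the customer verifies.
func (m Manifest) Encode() []byte {
	names := make([]string, 0, len(m))
	for n := range m {
		names = append(names, n)
	}
	sort.Strings(names)
	var b strings.Builder
	for _, n := range names {
		fmt.Fprintf(&b, "%s  %s\n", m[n], n)
	}
	return []byte(b.String())
}

// SignManifest is the vendor-side step: the release pipeline signs the
// manifest with a private key that never leaves the signing system.
func SignManifest(priv ed25519.PrivateKey, m Manifest) []byte {
	return ed25519.Sign(priv, m.Encode())
}

var (
	ErrBadSignature = errors.New("manifest signature invalid")
	ErrNotListed    = errors.New("artifact not listed in manifest")
	ErrDigest       = errors.New("artifact digest does not match manifest")
)

// VerifyArtifact is the customer-side step: check the manifest signature
// against the vendor's pinned public key first, then check the downloaded
// artifact's digest against the manifest. Only a nil result allows install.
func VerifyArtifact(pub ed25519.PublicKey, m Manifest, sig []byte, name string, artifact []byte) error {
	if !ed25519.Verify(pub, m.Encode(), sig) {
		return ErrBadSignature
	}
	want, ok := m[name]
	if !ok {
		return ErrNotListed
	}
	if digest(artifact) != want {
		return ErrDigest
	}
	return nil
}

// digest returns the hex SHA-256 of an artifact.
func digest(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

func main() {
	// Constructed sample data: a throwaway vendor key pair and two release
	// artifacts standing in for a vendor's update files.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	agent := []byte("agent-v2.1.0 legitimate build")
	plugin := []byte("plugin-v2.1.0 legitimate build")
	m := Manifest{"agent.bin": digest(agent), "plugin.bin": digest(plugin)}
	sig := SignManifest(priv, m)

	fmt.Println("genuine agent:  ", VerifyArtifact(pub, m, sig, "agent.bin", agent))

	// An attacker who controls the download server swaps the binary but
	// cannot re-sign the manifest without the vendor's private key.
	backdoored := []byte("agent-v2.1.0 legitimate build + backdoor")
	fmt.Println("swapped binary: ", VerifyArtifact(pub, m, sig, "agent.bin", backdoored))

	// Editing the manifest to match the swapped binary breaks the signature.
	m2 := Manifest{"agent.bin": digest(backdoored), "plugin.bin": m["plugin.bin"]}
	fmt.Println("edited manifest:", VerifyArtifact(pub, m2, sig, "agent.bin", backdoored))
}
```

The check catches tampering between the vendor's signing step and the customer's installer, which covers a compromised mirror, CDN or download path. It does not catch the SolarWinds pattern, where the backdoor went in before signing and the update was genuinely signed by the vendor; that case has to be addressed on the vendor side, by protecting the build system and by reproducible builds that let independent parties confirm the shipped binary matches the published source.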

Taking these steps to heart is also financially worthwhile, because the cost of ransomware damage and its clean-up can run into the millions. The old German saying applies: prevention is better than cure. Good prevention includes a comprehensive IT security architecture that combines the various security solutions and consolidates the defense, so that there is order instead of a patchwork of components from different manufacturers that are often poorly coordinated with one another. It is also strongly recommended to write the security strategy down as a plan and to prepare and rehearse an incident response plan.
