On 2024-04-11
Cybersecurity

Airbus Protect explains: Supply Chain attacks and how to fight them

Summary

Supply chain attacks are an underestimated risk for companies: cyber threat actors who hack into a software vendor’s network pose a significant danger to many companies.


Who may be affected by these attacks?

Every company, in every industry, that has a business relationship with a third-party vendor offering services or software to the supply chain.


Why are third-party vendors attacked?

With many large corporations improving their security measures, attackers are looking elsewhere and focusing on less secure targets that are easier to breach.

This shift in focus from big enterprises to “softer” targets underscores the importance of cybersecurity for businesses of all sizes. Small and medium-sized businesses must remain vigilant and proactive in protecting their digital assets from cyber threats. Implementing robust cybersecurity measures, such as regular software updates, employee training, and strong password policies, can help defend against potential attacks. By staying informed and investing in cybersecurity practices, businesses can strengthen their defences and safeguard against malicious actors seeking vulnerabilities to exploit.


How can companies be primarily compromised? 

There are different ways a company can be compromised through its supply chain. Here are a few examples:

  • Upstream server attacks (the most common type: users are infected when they download software)
  • Midstream attacks (targeting software development tools)
  • Stolen SSL and code-signing certificate attacks (compromising private keys used to authenticate users)
  • Dependency confusion attacks (creating false software builds)
  • CI/CD infrastructure attacks (introducing malware into the development automation)


What are the usual threat vectors?

  • Malware Injection
  • Third-party software
  • Counterfeit Components
  • Man-in-the-Middle attacks
  • Physical Tampering
  • Insider Threats
  • Credential Thefts
  • Emails with malicious attachments (see example below)

Examples of notorious Supply Chain attacks that occurred in the last decade

  • Zombie Zero (2014)

Financial and business information was stolen from several shipping and logistics firms by malware hidden in inventory scanners manufactured by a Chinese company.

  • Maersk (2017)

A software update of legitimate accounting software injected malware.

  • SolarWinds (2020)

Unauthorised malicious code was included in its software build cycle.

  • MOVEit (2023)

The MOVEit Transfer tool, owned by Progress Software, is a globally used tool for transferring sensitive files securely. Attackers discovered and exploited a zero-day vulnerability in the software and compromised more than 2000 organisations worldwide.

 

How to protect against Supply Chain attacks?

It is crucial for every company, regardless of its industry, to establish strong partnerships with trusted third-party vendors that provide valuable services or software to the supply chain. By collaborating with reliable vendors, businesses can streamline their operations, enhance efficiency, and deliver high-quality products or services to their customers.

Here are a few key things a business can implement to be more secure:

  • Educate stakeholders and users about the risks. 

If stakeholders receive an unexpected request from a seemingly “trusted” sender, it is advisable to verify the request through an alternative method.

  • Employ solutions that include behavioural-based attack detection. 

Static defences such as indicators of compromise can be complemented with behaviour-based anomalies to look out for activities such as logins from unusual locations.

  • Use Threat Intelligence to stay ahead of supply chain incidents. 

Cyber Threat Intelligence can aid an organisation in staying up-to-date with industry cyber risks as well as tactics, techniques, and procedures being used against a target.

  • Conduct security assessments on vendors when necessary and evaluate these vendors according to their security and functionality risks.
  • Have a tested and clear Incident Response Process in place.
  • Develop and maintain an up-to-date asset inventory.
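
The point above about complementing static indicators of compromise with behaviour-based anomalies, as an added example that is not from the original article: a per-account check that flags logins from a country the account has not used recently, run next to a static IP blocklist. The log records, account names, IP addresses and thresholds are constructed for illustration, and country codes are assumed to come from a GeoIP lookup at ingestion.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data, not real logs: (time, account, source IP, country).
# Country codes are assumed to come from a GeoIP lookup done at ingestion.
LOGINS = [
    ("2024-03-01T08:02:11", "svc-vendor-sync", "198.51.100.10", "DE"),
    ("2024-03-02T08:01:47", "svc-vendor-sync", "198.51.100.10", "DE"),
    ("2024-03-03T08:03:05", "svc-vendor-sync", "198.51.100.11", "DE"),
    ("2024-03-03T09:15:30", "j.martin", "192.0.2.44", "FR"),
    ("2024-03-04T09:10:02", "j.martin", "192.0.2.44", "FR"),
    ("2024-03-05T02:41:19", "svc-vendor-sync", "203.0.113.77", "BR"),
    ("2024-03-05T09:12:40", "j.martin", "203.0.113.5", "FR"),
    ("2024-03-06T02:40:00", "svc-vendor-sync", "203.0.113.77", "BR"),
    ("2024-03-06T08:02:00", "svc-vendor-sync", "198.51.100.10", "DE"),
]
KNOWN_BAD_IPS = {"203.0.113.5"}   # constructed static IoC list
BASELINE = timedelta(days=30)     # how far back "usual" locations are learned
MIN_HISTORY = 2                   # logins needed before an account is judged


def detect(logins, bad_ips=KNOWN_BAD_IPS):
    """Return (time, account, reason) alerts in chronological order."""
    usual = defaultdict(list)     # account -> [(time, country)] accepted as normal
    alerts = []
    for ts, account, ip, country in sorted(logins):
        when = datetime.fromisoformat(ts)
        if ip in bad_ips:         # static check: only catches known indicators
            alerts.append((ts, account, "ioc-match"))
        recent = [c for t, c in usual[account] if when - t <= BASELINE]
        if len(recent) >= MIN_HISTORY and country not in recent:
            alerts.append((ts, account, "unusual-location"))
            continue              # do not learn from a login that is still untriaged
        usual[account].append((when, country))
    return alerts


if __name__ == "__main__":
    for alert in detect(LOGINS):
        print(*alert)
```

On this data each check catches what the other misses: the vendor service account's logins from a new country come from an IP that is on no blocklist, while the blocklisted IP is used from the user's usual country.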


Conclusion on Supply Chain attacks

Supply Chain attacks can be difficult to detect due to the assumed trust of users or products. Organisations using their protective monitoring to flag abnormal behaviour on devices and within applications and systems stand a greater chance of being able to spot and contain supply chain attacks. 

Other detection capabilities include regular vulnerability scanning, adopting client-side protection tools, and implementing endpoint detection and response tooling into a supply chain’s network infrastructure.

Ultimately, being vigilant and preparing to face growing and changing threat actors, through implementing the right strategies for your business, can mitigate unknown threats and put your company in the best position it can be to face this dynamic environment.

 

If you want to hear more about how you can challenge threats posed by Supply Chain attacks, please contact us.

MITRE Mappings:

T1195.001 – Compromise Software Dependencies and Development Tools

T1195.002 – Compromise Software Supply Chain

T1195.003 – Compromise Hardware Supply Chain


https://attack.mitre.org/techniques/T1195

https://www.crowdstrike.com/cybersecurity-101/cyberattacks/supply-chain-attacks

https://www.globalresearch.ca/towards-another-devastating-worldwide-crisis-the-wefs-cyber-attack-with-covid-like-characteristics-paralysis-of-the-power-supply-communications-transportation/5764374?pdf=5764374
