Supply Chain Attack

What Is a Supply Chain Attack?

A supply chain attack is when an organisation, or multiple organisations, is attacked through a third-party vendor.

A third-party vendor, such as software that handles payroll or business-specific equipment, is hacked and then the hackers use that application as a tunnel into all the organisations that the software serves. These kinds of attacks are dangerous and lucrative because they can hit multiple organizations through a single attack.

Supply chains have become more frequent in recent years as organisations digitise, work becomes remote, and manufacturing and other industries utilise the internet of things (IoT) for global business. The supply chain was involved in 61% of incidents in 2021, and the average organisation has dozens if not hundreds of connections to vendors.

While financial gain continues to be the biggest motivator for threat actors, nation-state actors have conducted supply chain attacks to wreak havoc against another country or state.

How Does a Supply Chain Attack Work?

A supply chain attack has two parts. The first part is where a bad actor gains access to an organisation that serves as a third-party vendor to other organisations. Once a hacker has access, they will deploy an attack on the connected organisations. This can come through a variety of ways — past attacks include using phishing techniques, software updates that contain malicious code, and credential theft.

This allows a hacker to attack multiple organisations at once, causing widespread damage with just one piece of malware or ransomware. Supply chain attacks are possible not only because organisations are connected to vendors, but because they often lack visibility into those vendors, grant them too much access, and allow frequent communication.

Commonly, supply chain attacks will occur where one organisation is hacked, that organisation is connected to MSPs, and the hackers will use those MSPs as a bridge to deploy attacks on other organisations.

Why Are Supply Chain Attacks Increasing?

As mentioned above, supply chain attacks are a newer, and more frequent, attack vector for cybercriminals. According to the Ponemon Institute, 49% of organisations experienced a third-party attack in 2022, up from 44% in 2021.

There are a few reasons for this.

Organisations are more interconnected than ever. No longer is a manufacturing plant on-premises only, operating within the walls of a warehouse. More and more aspects are digitised and online, and manufacturing (for example) is now global, not local.
Organisations lack visibility into their third-party vendors. It’s no secret that the internal IT team are overwhelmed and there’s a staffing shortage. That plays into the lack of visibility, and subsequent control organisations have with third-party vendors. They aren’t sure who has access, what they have access to, and how they are using that access. 50% of organisations don’t monitor access, even for sensitive and confidential data, and only 36% of respondents document the level of access for both internal and external users, according to the Ponemon Institute.
Cloud-based applications are increasing. Organisations are relying more on the cloud, with 99% of organisations having at least one cloud-based application, but cloud security is struggling to keep pace with adoption. Add to that a lack of cloud security skills in organisations, and it opens businesses up to major third-party risks.
Organisations are putting too much trust in their vendors. 60% of organisations rely on the third party’s business reputation alone. That is too many not implementing the right access and security management to protect the worst-case scenario from happening. In addition, this trust works in hackers’ favor because a user is much more likely to open a phishing email if it comes from a “trusted” vendor or install a software update without questions.

Examples of Supply Chain Attacks

SolarWinds are not only a popular vendor for organisations to manage their IT systems, they were at the center of a major supply chain attack at the end of 2020. It’s believed the attack was perpetrated by Russian actors.

The attack started when hackers injected malware into the company’s software system, which is utilised by thousands of clients, including the Department of Homeland Security and the Treasury Department. The hackers then sent out a false “software update notification” to customers. If the customers updated their software, the code was automatically added to their applications — creating a backdoor to customer’s IT systems.

The hackers were then able to insert more malware and spyware. Thankfully, not many customers updated their software before the breach was uncovered, preventing what would’ve been a massive malware attack.

Kaseya, a provider of IT and security management solutions for managed service providers (MSPs) and small to medium-sized businesses, was the subject of a ransomware-focused supply chain attack back in 2021 that affected over 40 customers. Through a vulnerability in the Kaseya Virtual System Administrator (VSA) toolset, Russian hacker group REvil, was able to access the network infrastructure of customers (many outsource their management to Kaseya) and insert ransomware. The total requested? $70 million.

How to Prevent a Supply Chain Attack

There are two paths an organisation can take when building defenses against a supply-chain attack. One path is to focus on the vendor, and the other is to focus internally.

Vendor-specific defenses:

Require suppliers to maintain certain cybersecurity standards through your service agreements.
Validate the suppliers’ security posture through audits, metrics, and other tools.

Internal defenses:

Employ identity and access management solutions to limit vendors access to internal systems.
Implement policies that require scanning and monitoring your vendors’ devices once they’re connected to your network.
Use a threat detection and response solution to monitor your environment for anomalies.

How Arctic Wolf Helps Protect Against Supply-Chain Attacks

Arctic Wolf takes a holistic approach to security, which helps organisations manage potential vendor vulnerabilities while also monitoring and detecting any threats that may arise from vendors or vendor connection points.

Managed Detection and Response (MDR): Stopping a threat before it becomes a full-blown breach is critical to security for organisations. As supply-chain breaches increase, being able to detect them at the first sign of trouble (as well as monitor vendor activity within the network) can be the difference between a close call and a ransomware attack. MDR offers 24×7 monitoring, threat hunting, and the Concierge Security Team (CST) to make sure your organisation is fully protected and ready to fight off any threats.

Managed Risk: A connection to a vendor can be a vulnerability and can introduce risk to the environment. Managed Risk works with organisations to address vulnerabilities and make sure every aspect of the security environment is safe and the security journey is moving forward. If a vendor is breached, implementing action items and strategies from the CST and Managed Risk will put the organisation in the best position to stop a breach.

Managed Security Awareness: Once a cybercriminal gains access to a vendor, social engineering becomes a major attack vector for connected organisations. By implementing regular, engaging cybersecurity training for users, organisations can ensure that their employees are prepared as the first lines of defense. It only takes one opened phishing email to disrupt an entire organisation.

Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.

© 2024 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Customer Portal Policy	Accessibility Statement	Sustainability Statement	Information Security	Cookies Settings

SOLUTIONS

INDUSTRIES

Quickly detect, respond, and recover from advanced threats.

Detect and respond to advanced threats targeting your cloud infrastructure and applications.

Discover, assess, and harden your environment against digital risks.

Explore, harden, and simplify your cloud environment against misconfiguration vulnerabilities.

Engage and prepare employees to recognise and neutralise social engineering attacks.

Recover quickly from cyber attacks and breaches, from threat containment to business restoration.

HOW IT WORKS

Delivering security operations outcomes.

Collect, enrich, analyse.

Ecosystem integrations and technology partnerships.

Tailored security expertise and guided risk mitigation.

Security experts proactively protecting you 24×7.

Meet some of the security experts working alongside you and your team.

TRENDING RESOURCES

NIS2 aims to make the EU as a whole more resilient to cyber threats and strengthen cooperation between Member States on cybersecurity.

Oracle Red Bull Racing trusts Arctic Wolf to secure its expansive IT environment and the mission-critical proprietary data it contains.

The elite security researchers, data scientists, and security developers of Arctic Wolf Labs share forward-thinking insights along with practical guidance you can apply to protect your organisation.

SECURITY BULLETINS

CVE-2024-20353 and CVE-2024-20359: Cisco ASA and FTD Vulnerabilities Exploited by State-Sponsored Threat Actor in Espionage Campaign “ArcaneDoor”

Cisco Duo Third-Party Compromise

Critical Authentication Bypass Vulnerability in Delinea Secret Server Disclosed Along With PoC

COMPANY