Supply Chain Attacks: What are they and what can we do about them?
Advice on avoiding becoming the victim of a cyber attack has long been boiled down into a simple set of instructions: ‘Don’t download attachments or click links from unfamiliar sources’ and ‘don’t hand over credentials to a fraudulent website’.
While this is effective in most cases, the trouble is that as people become more cyber-savvy, cyber criminals are becoming more sophisticated in their attempts. The result?
The trust you place in reliable sources is undermined, raising a paranoia-inducing question: What if the legitimate hardware and software that make up your network have been compromised at the source?
This is the case for a growing form of hacking known as a ‘supply chain attack’, which allows the attacker to place malicious pieces of code into a trusted piece of software or hardware after breaking in via weak network protocols, unprotected server infrastructure and unsafe coding practices.
Because software is built and released by trusted vendors, these apps and updates are signed and certified. The malicious code then runs with the same trust and permissions as the app.
This means that not only you but also the vendor you bought it from is trusting the software, and the vendor is likely unaware that its apps or updates are infected with malicious code when they’re released to the public.
There have been many examples of supply chain attacks. One of the most recent to be executed on a large scale was SolarWinds, which had a devastating effect on businesses around the world. The malicious code was planted in SolarWinds' IT management tool Orion and found its way into 18,000 networks.
However, this attack wasn’t unique. Recently, supply chain attacks have been found in a wide range of software development tools. These include attacks by a Chinese hacking group known as Barium, which carried out at least six supply chain attacks over the past five years, hiding malicious code in the software of computer maker Asus and in the hard-drive cleanup application CCleaner.
Earlier this week, US-based IT management software Kaseya was hit with a ransomware virus that has affected hundreds of businesses, not only in the US but also here in New Zealand, where at least 11 schools have been reduced to the pen-and-paper way of doing things after having their data encrypted.
The blame does not fall on these business IT providers themselves, but much higher up the supply chain (hence the name), at the root of the process. This means that there are also many indirect targets in a supply chain attack. Think of it as a stone you throw in a pond: the initial impact is the centre target, and when it hits the water a ripple is created. Much like the stone, once the initial impact is made, everything else is a byproduct. It means that hackers improve their odds of landing a steady flow of cryptocurrency even if half of those affected don't pay.
Preventing future supply chain attacks won't be easy; there's no simple way for companies to ensure that the software and hardware they buy haven't been corrupted. Hardware supply chain attacks, in which an adversary physically plants malicious code or components inside a piece of equipment, can be particularly hard to detect. However, there are preventative measures you can take to ensure minimal damage.
The best security policy is to invest in backups and cloud storage. With these processes in place, there is a higher chance that, if corrupted data is found in a new update or upgrade to c-suite products, your data can be rolled back to a previous restore point from when everything was working.
With ACS, we have our clients backed up on a range of different servers and locations, maximising the protection of your data as is, where it is. These backups are regularly updated and patched to ensure the most recent data is available, but can be rolled back further if necessary.