Supply chain attacks have been a security concern for a while, but they seem to have ramped up since early 2020, with no sign of slowing down. The supply chain covers everything from hardware, software and storage (cloud and local) to web applications, online stores, and HR and management software; the possibilities for attack seem almost endless.
A report released in July 2021 by the European Union Agency for Cybersecurity (ENISA) estimates that there will have been four times as many supply chain attacks in 2021 as in 2020.
The report provides the following insights:
- In 62% of the 2020/21 cases, malware was the attack technique used.
- In 66% of the incidents, attackers focused on the suppliers’ code in order to further compromise targeted customers.
- Around 58% of the supply chain attacks aimed at gaining access to data.
What will they want with MY data?
It’s easy to think “nope, that wouldn’t happen to me”. There’s even data out there suggesting that businesses have deferred looking at their cybersecurity in favour of something deemed “more important”. But when you think about the kind of data cyber criminals are after, and what they could reach without really trying, it all feels a little too close to home…
- Pre-existing software: web servers, applications, databases, monitoring systems, cloud applications…
- Configurations: passwords, API keys, firewall rules, URLs…
- Data: customer and supplier codes, certificates, the personal data of your employees, customers and suppliers…
- Processes: updates, backups…
- Hardware: any hardware produced by the supplier, chips, USBs…
- People: targeted individuals with access to data, infrastructure or other people…
Knowledge is power.
So here’s a list of the most common techniques used in supply chain attacks:
- Malware infection, e.g. spyware used to steal credentials from staff
- Social engineering, e.g. phishing, fake applications, typo-squatting, WiFi impersonation or convincing the supplier to do something…
- Brute-force attack, e.g. guessing an SSH password or guessing a web login
- Exploiting a software vulnerability, e.g. SQL injection or a buffer overflow exploit in an application
- Exploiting a configuration vulnerability, e.g. a default or reused password, an exposed API key, or an over-permissive firewall rule
- Physical attack or modification, e.g. modifying hardware or physically intruding on premises
- Open-Source Intelligence (OSINT), e.g. search online for credentials, API keys, usernames
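The last two items above (exposed keys and passwords in configuration, and attackers searching online for leaked credentials) are the ones you can check for yourself before someone else does. The following is an added example, not code from the original post or from ENISA: a small secret scanner that runs a few credential patterns over a file and falls back to an entropy heuristic for key-like strings that no named rule covers. The rule names, the `assigned_secret` keyword list and the 4.5-bit entropy threshold are assumptions chosen for this example; the sample settings file is constructed, and `AKIAIOSFODNN7EXAMPLE` is the example key ID used in AWS documentation, not a live key.

```python
import math
import re
from typing import Dict, List

# Credential patterns. The AWS access key ID format (AKIA + 16 uppercase
# alphanumerics) and the PEM private-key header are documented formats; the
# "secret assigned in code" rule is a heuristic chosen for this example and
# will need tuning on a real code base (assumption).
RULES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "assigned_secret": re.compile(
        r"(?i)(password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
}

# Long runs of key-like characters, gated by entropy so that padding such as
# "xxxxxxxx..." is not reported. Threshold is an assumption for this example.
LONG_TOKEN = re.compile(r"[A-Za-z0-9+/=_-]{32,}")
MIN_ENTROPY = 4.5


def shannon_entropy(s: str) -> float:
    """Bits per character. Random keys score high; words and padding score low."""
    if not s:
        return 0.0
    n = len(s)
    counts: Dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def is_placeholder(value: str) -> bool:
    """Values that reference an environment variable rather than embed a secret."""
    return "${" in value or value.startswith("$")


def scan_text(text: str, source: str = "<input>") -> List[dict]:
    """Return one finding per credential-looking value, with its line number."""
    findings: List[dict] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        hits = []
        for rule, pattern in RULES.items():
            m = pattern.search(line)
            if not m:
                continue
            value = m.group(2) if rule == "assigned_secret" else m.group(0)
            if rule == "assigned_secret" and is_placeholder(value):
                continue
            hits.append({"source": source, "line": lineno, "rule": rule, "value": value})
        # Only fall back to the entropy heuristic when no named rule matched,
        # so a single secret is not reported twice.
        if not hits:
            for token in LONG_TOKEN.findall(line):
                if shannon_entropy(token) >= MIN_ENTROPY:
                    hits.append({"source": source, "line": lineno,
                                 "rule": "high_entropy_string", "value": token})
        findings.extend(hits)
    return findings


# Constructed sample settings file for this example; no real credentials.
# AKIAIOSFODNN7EXAMPLE is the example key ID used in AWS documentation.
SAMPLE_CONFIG = """\
# constructed sample settings file for this example, no real credentials
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
db_password = "${DB_PASSWORD}"
api_token = "0123456789abcdef0123456789abcdef"
curl -H "Authorization: Bearer abcdefghijklmnopqrstuvwxyz012345" https://api.example/v1
-----BEGIN RSA PRIVATE KEY-----
placeholder = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
retries = 3
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_CONFIG, "settings.cfg"):
        print(f"{f['source']}:{f['line']} {f['rule']}: {f['value']}")
```

Run it over your own repositories and CI logs before pushing them anywhere public: the `${DB_PASSWORD}` line is deliberately ignored because it references an environment variable, and the 32 `x` characters are ignored because their entropy is zero, which is the difference between a secret and a placeholder that a plain keyword search cannot make.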