A supply chain attack occurs when an attacker targets a vendor, partner or service that has access to a company’s systems or data in order to infiltrate that company. A third-party connection may only have access to a narrow range of a company’s systems; however, it only takes the attacker breaching the security of the third party to gain access to the rest of the company’s network. Supply chain attacks in technology focus on software or hardware manufacturers, where attackers look for insecure practices within the third-party connection. This allows them to either inject malicious code into the product or breach the third party’s systems to access the targeted company’s network.
Supply chain attacks mainly stem from commercial software products, open-source supply chains and foreign-sourced threats.
Commercial software products:
Many companies use the same vendors or solutions for their networks. If an attacker can penetrate the company that is providing the services, they will likely be able to access their targeted company as well as plenty more. To put it into perspective, if Cisco, one of the largest cybersecurity companies in the world, were to be breached by an attacker, its numerous customers could all be exposed, since the attacker would now have access to the network that manages many other companies’ networks.
Open-source supply chains:
Since open-source supply chains are built on the collaboration of community members, it is easy for an attacker to slip malicious code into a program. Companies that use that code could be exposed to a new threat without knowing exactly what to look for.
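One check that does not depend on knowing what the malicious code looks like is to pin the digest of every dependency when it is reviewed and refuse anything that later differs. The sketch below is an added example, not part of the original article; the package names, contents and the `audit` helper are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: package names and contents are made up.
REVIEWED = {
    "leftpadx-1.0.0.tar.gz": b"def pad(s, n):\n    return s.rjust(n)\n",
    "yamlish-2.3.1.tar.gz": b"def load(text):\n    return text.splitlines()\n",
}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_lockfile(artifacts: dict[str, bytes]) -> dict[str, str]:
    """Record each artifact's SHA-256 digest at the time it was reviewed."""
    return {name: sha256_hex(blob) for name, blob in artifacts.items()}

def audit(lockfile: dict[str, str], fetched: dict[str, bytes]) -> dict[str, str]:
    """Compare fetched artifacts with the lockfile and return {name: finding}."""
    findings = {}
    for name, blob in fetched.items():
        pinned = lockfile.get(name)
        if pinned is None:
            # A dependency nobody reviewed has appeared in the build.
            findings[name] = "unpinned"
        elif not hmac.compare_digest(pinned, sha256_hex(blob)):
            # Same name and version, different bytes than the reviewed copy.
            findings[name] = "digest mismatch"
    for name in lockfile.keys() - fetched.keys():
        findings[name] = "missing"
    return findings

LOCKFILE = build_lockfile(REVIEWED)

# Constructed "next build": one artifact unchanged, one altered upstream,
# and one new dependency that was never reviewed.
FETCHED = {
    "leftpadx-1.0.0.tar.gz": REVIEWED["leftpadx-1.0.0.tar.gz"],
    "yamlish-2.3.1.tar.gz": REVIEWED["yamlish-2.3.1.tar.gz"] + b"# line added upstream\n",
    "colorsy-0.1.0.tar.gz": b"def red(s):\n    return s\n",
}

if __name__ == "__main__":
    for name, finding in sorted(audit(LOCKFILE, FETCHED).items()):
        print(f"{finding:16} {name}")
```

The build should stop on any finding; a mismatch means the bytes changed after review, whatever the reason, and the artifact needs to be reviewed again before it is trusted.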
Foreign-sourced threats:
Governments that have significant control over private companies can sometimes force them to include malicious code in their products. Sometimes it doesn’t even have to be enforced by the government but is slipped in by another attacker, so even the distributor does not know the malicious code is present in their product.
There are several types of supply chain attacks, each exploiting security vulnerabilities in trusted solutions used by companies. These include:
- Stolen certificates: When a hacker steals a digital certificate that authenticates the legitimacy or safety of a company’s product, they can use it to distribute malicious software disguised as a trusted product.
- Compromised software development tools or infrastructure: Hackers target the tools used to build software applications, introducing vulnerabilities during the development process—before the application is even created.
- Preinstalled malware on devices: Attackers place malware on devices such as phones, USB drives, cameras, and other hardware. Once the target connects these devices to their network or system, the malicious code is activated.
- Malicious code in hardware firmware: Digital hardware relies on firmware to operate and interact with other systems. Hackers can inject malicious code into the firmware of components, gaining access to a network or system.
It is important to be individually informed of potential frauds or attacks that may happen. It is crucial to protect personal information, your business’s systems and products that may be distributed from potential threats.