
TELDAT Blog


Security attacks on Supply Chains

Apr 15, 2024

In the digital age, supply chains are essential for the smooth functioning of businesses and the economy at large. Businesses increasingly rely on an interconnected ecosystem of suppliers, software and services to function. However, in recent years, we have witnessed a growing threat: supply chain attacks. This digital “supply chain”, while offering efficiency and flexibility, also creates new vulnerabilities that cybercriminals are exploiting with increasing frequency. These attacks, often silent and difficult to detect, represent a serious concern for organisations around the world, as they have the potential to affect a large number of businesses and users simultaneously. In this article, we explore what these attacks are, how they are carried out and what steps businesses can take to protect themselves.

Defining a supply chain attack

First, we must define what supply chain attacks are: they are malicious strategies designed to compromise the integrity, security, or availability of products or services in a supply chain. They occur when a cybercriminal attacks a supplier or a component used by multiple companies. By compromising a single point in the chain, the attacker can gain access to the networks and systems of multiple organisations without having to attack them directly.

These attacks can take many forms: from the insertion of malware into products or software to the manipulation of physical components during the manufacturing process. Below, we will have a look at some of the most common ones.

Most common supply chain attacks

  • Attacks on open source components: Open source components are widely used in software development. Cybercriminals can insert malicious code into these components, which then becomes part of the software of many companies.
  • Watering hole attacks: Cybercriminals can compromise a website or web service used by a specific group of companies or users. When victims visit the infected website, they can be infected with malware or redirected to malicious websites.
  • Malware infiltration: Attackers can compromise the supply chain by inserting malware into the software or firmware of products before they reach end consumers. This type of attack can have devastating consequences, since malware can lie dormant for a long time before becoming active and is therefore difficult to detect.
  • Hardware manipulation: In some cases, attackers can infiltrate the supply chain by physically manipulating hardware components. For example, they could alter electronic devices to include backdoors that allow them to remotely access systems once they are operational.
  • Attacks on Service Providers: Service providers in the supply chain are also vulnerable to attacks. For example, a cloud storage provider could be compromised, allowing attackers to access sensitive data stored by multiple customers.

These types of attacks have devastating consequences for the organisations affected. In addition to the financial costs associated with the loss of data or disruption of business operations, these attacks can also damage a company’s reputation and undermine customer confidence, leading to significant financial losses.

Supply chain attacks: examples

Some well-known examples that we can use as a reference are the following:

  • Attack on SolarWinds (2020): This is one of the most notorious supply chain attacks in recent years. Attackers compromised SolarWinds’ network management software, inserting malware known as “Sunburst” into a software update. This allowed the attackers to access the networks of thousands of organisations, including government agencies and large enterprises, for months before being detected.
  • Target attack (2013): In this case, attackers compromised Target’s supply chain through an HVAC (Heating, Ventilation and Air Conditioning) supplier. Attackers gained access to Target’s networks through the supplier’s stolen credentials and then installed malware on the company’s point-of-sale systems. As a result, the data of millions of Target customers was stolen.
  • Asus attack (2019): Attackers compromised Asus’ software update servers, inserting malware into firmware updates distributed to Asus users. This allowed the attackers to access thousands of computers worldwide. While the exact number of affected devices remains unknown, estimates run as high as one million.
  • Attack on Supermicro’s supply chain (2018): Chinese attackers reportedly infiltrated Supermicro servers during the manufacturing process, inserting malicious chips into the servers’ motherboards. These chips gave attackers remote access to the systems of any organisation that used these servers.

What can we do to prevent or remedy supply chain attacks?

There are a number of measures organisations can take to protect themselves:

  • Supplier evaluation:
    • Carry out a thorough due diligence process when selecting suppliers in the supply chain. This includes investigating the supplier’s security record, internal security practices and history of compliance with relevant security regulations.
    • Regularly audit suppliers to make sure they comply with any and all security policies agreed upon and to identify potential vulnerabilities or risks.
  • Continuous monitoring:
    • Implement continuous monitoring systems throughout the supply chain to detect potential security intrusions or anomalies.
    • Use intrusion detection and behavioural analysis tools to identify suspicious activity in real time.
    • Set automatic alerts for unauthorised or potentially malicious activity in the supply chain.
  • Software and firmware security:
    • Verify the authenticity and integrity of software and firmware updates prior to deployment. Use digital signatures and hash verification to ensure that updates are from legitimate sources and have not been tampered with.
    • Implement security mechanisms in the software and firmware development process to prevent the insertion of malware or vulnerabilities during development.
    • Maintain up-to-date security systems and apply security patches regularly to mitigate known vulnerabilities in the software and firmware used in the supply chain.
  • Education and awareness-raising:
    • Foster a culture of security throughout the organisation and among suppliers, emphasising the importance of supply chain security and shared responsibility for the protection of company assets and data.
  • Backup and redundancy:
    • Implement backup and redundancy strategies in the supply chain to mitigate the impact of potential disruptions or security compromises.
    • Maintain up-to-date backups of critical data and important systems in secure locations and away from potential attacks.
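
The hash-verification step under "Software and firmware security" can be enforced as a gate that runs before deployment. The following is an added example, not code from Teldat or any vendor: it assumes the supplier publishes a `sha256sum`-format manifest whose own digital signature has already been verified against the supplier's public key, and the file names and contents are constructed for illustration.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def parse_manifest(text):
    """Parse '<64 hex>  <name>' lines; reject bad digests and path escapes."""
    entries = {}
    for line in filter(str.strip, text.splitlines()):
        digest, name = line.split(maxsplit=1)
        name = name.strip().lstrip("*")
        if len(digest) != 64 or Path(name).name != name:
            raise ValueError(f"bad manifest line: {line!r}")
        bytes.fromhex(digest)  # raises ValueError on non-hex digests
        entries[name] = digest.lower()
    return entries

def sha256_file(path, chunk=1 << 16):
    h = hashlib.sha256()  # hashed in chunks: images may be large
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_staging(staging_dir, manifest_text):
    """Return {filename: status}; deploy only if every status is 'ok'."""
    expected = parse_manifest(manifest_text)
    present = {p.name for p in Path(staging_dir).iterdir() if p.is_file()}
    report = {}
    for name, digest in expected.items():
        if name not in present:
            report[name] = "missing"
        elif hmac.compare_digest(sha256_file(Path(staging_dir, name)), digest):
            report[name] = "ok"
        else:
            report[name] = "mismatch"
    for name in present - set(expected):
        report[name] = "unlisted"  # file the vendor never published
    return report

def demo():
    """Constructed sample: one intact file, one altered, one unlisted."""
    with tempfile.TemporaryDirectory() as d:
        good, fw = b"update payload (constructed)", b"firmware (constructed)"
        manifest = (f"{hashlib.sha256(good).hexdigest()}  update.bin\n"
                    f"{hashlib.sha256(fw).hexdigest()}  firmware.img\n")
        Path(d, "update.bin").write_bytes(good)
        Path(d, "firmware.img").write_bytes(fw + b"\x00")  # altered in transit
        Path(d, "extra.bin").write_bytes(b"not in manifest")
        return verify_staging(d, manifest)
```

A hash check only proves that a file matches the manifest; it is the signature on the manifest that ties the update to the supplier, so both checks have to pass before anything is installed.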

 

Supply chain attacks are a real and growing threat to the cyber security of businesses in the digital age. With consequences ranging from financial loss to reputational damage, it is crucial that organisations take proactive steps to protect themselves by implementing robust security measures, thorough due diligence practices in supplier selection, and constant surveillance policies. In an increasingly interconnected world, supply chain security is more important than ever, and Teldat is at the forefront of protecting enterprise communications for both IT and OT environments, mitigating the risk of potential attacks.
