Supply chain attacks have become so prevalent lately that in 2021 they managed to damage critical US infrastructure. As a result, the US government has made tremendous efforts to reform supply chain security and introduce a new standard for cybersecurity protocols in both government and the private sector. What are supply chain attacks, and why do they pose such a huge threat? Better yet, how can security experts prevent them? This article sheds more light on these threats and explores the latest ways to protect private and government supply chain networks.
Defining a Supply Chain Attack
As the name suggests, these attacks occur when an organization’s system is breached through a vulnerability in its supply chain, usually a vendor with poor or outdated security practices. Vendors typically need access to private data to integrate properly with their customers, so if the vendor’s system is infiltrated, the customers may be compromised as well. And since most enterprise vendors have massive customer bases, a single breach of a vendor’s system can result in many businesses being attacked. This minimal effort is what makes supply chain attacks so frightening and efficient: cybercriminals don’t need to “take down” networks and systems one by one. Instead, they infiltrate a single vendor’s system and harvest all the data they need from there.
Most Notable Attacks
Because these attacks are so efficient, it’s no wonder that the threat is real and has become rather prevalent in recent years. Unfortunately, there are several examples that showcase just how efficient and devastating these attacks can be.
SolarWinds – Attackers infiltrated the systems of SolarWinds, a network management software company, and planted malicious code in one of its monitoring and management products (Orion IT), which was used by thousands of government agencies and enterprise-level businesses across the globe.
Kaseya – In 2021, the IT company Kaseya revealed that its VSA product, used to remotely administer and monitor IT services, had been attacked. The breach affected around 1,000 organizations, with over a million infected devices.
Codecov – Also in 2021, someone modified the company’s Bash Uploader script without authorization. The modification allowed the attackers to alter user tokens, keys, or credentials passed through Codecov’s CI runner, putting at risk all datastores, application code, and services that could be accessed with those credentials, keys, and tokens.
Preventing Supply Chain Attacks
The attack on SolarWinds’ Orion IT software showed just how devastating these attacks can be, and it raised several concerns about vulnerabilities in traditional cybersecurity protocols that could be easily bypassed. While the SolarWinds attack was the most sophisticated cyberattack to date, it helped raise the bar for securing digital supply chains and introduced new standards to cybersecurity overall. Here are a few methods that can help prevent these threats.
Implementing Honeytokens
Honeytokens act like tripwires, alerting organizations to suspicious activity in their networks. They are fake resources disguised as sensitive data. When attackers interact with one of these decoys, thinking it is valuable data, an alert is triggered, warning the security team that someone is attempting to attack the network. Honeytokens alert security experts to attempts in progress and can also reveal valuable details about the methods attackers use. These insights help security staff isolate the specific resources attackers target and harden them with the latest response measures for each attack method. To get the most out of this approach, vendors should implement honeytokens as well.
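To make the tripwire idea concrete, here is an added example (not code from the original article) of a small detector that registers decoy values and scans access logs for any line that touches one. The honeytoken values, the log format and the sample log lines are all constructed for this example; the detector collapses repeated hits from the same source and user into a single alert and ignores lines it cannot parse.

```python
import re
from dataclasses import dataclass

# Constructed honeytokens: decoy values no legitimate process should ever use.
# Both values are placeholders for this example, not real credentials or paths.
HONEYTOKENS = {
    "decoy-aws-key": "AKIA-HONEYTOKEN-PLACEHOLDER",
    "decoy-share-path": "/finance/2021/payroll_backup.xlsx",
}

# Assumed (constructed) log format: <ts> <src-ip> user=<u> action=<a> detail="<d>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) user=(?P<user>\S+) action=(?P<action>\S+) detail="(?P<detail>[^"]*)"$'
)

@dataclass(frozen=True)
class HoneytokenAlert:
    token_name: str
    timestamp: str
    source: str
    user: str
    action: str

def scan_for_honeytoken_hits(log_lines, honeytokens=HONEYTOKENS):
    """Return one alert per (token, source, user) that touched a decoy. Repeated hits
    collapse into one alert; lines that do not match the format are skipped, not flagged."""
    alerts, seen = [], set()
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue
        rec = m.groupdict()
        for name, value in honeytokens.items():
            if value in rec["detail"]:
                key = (name, rec["src"], rec["user"])
                if key not in seen:
                    seen.add(key)
                    alerts.append(HoneytokenAlert(name, rec["ts"], rec["src"], rec["user"], rec["action"]))
    return alerts

# Constructed sample log: the first two lines are benign, the next three touch decoys.
SAMPLE_LOG = [
    '2021-07-02T10:15:01Z 10.0.0.5 user=alice action=read detail="/finance/2021/q2_report.xlsx"',
    '2021-07-02T10:16:44Z 10.0.0.5 user=alice action=login detail="mfa=ok"',
    '2021-07-02T10:20:09Z 10.0.0.23 user=svc-vendor action=read detail="/finance/2021/payroll_backup.xlsx"',
    '2021-07-02T10:20:11Z 10.0.0.23 user=svc-vendor action=read detail="/finance/2021/payroll_backup.xlsx"',
    '2021-07-02T10:21:30Z 10.0.0.23 user=svc-vendor action=api_call detail="aws_key=AKIA-HONEYTOKEN-PLACEHOLDER"',
    "this line is not in the expected format and is ignored",
]
```

Running `scan_for_honeytoken_hits(SAMPLE_LOG)` yields two alerts, both for the vendor service account, which is exactly the kind of early signal the section describes.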
Securing Privileged Access Management
After cybercriminals infiltrate a system, the first thing they usually do is scan the entire environment for privileged accounts. These are the only accounts with access to valuable resources, so they are what allows attackers to extract the data. This predictable attack sequence is what security experts call the Privileged Pathway. Experts can disrupt this sequence by implementing a PAM (Privileged Access Management) framework, but the PAM itself also needs proper protection so that it does not become the target of the supply chain attack. How can these frameworks be protected?
External defenses
These are proactive strategies such as staff education and vendor data leak detection. The truth is that staff are the weakest points of most systems. Cybercriminals usually manage to trick users and staff into letting them into the system via scam emails and similar methods. Proper staff education about the nature of cyberattacks and the basic types of malicious software can help decrease the number of attack attempts that succeed, because users will be able to recognize obvious threats themselves. On the vendor side, educating vendors about data leaks and implementing third-party data leak detection solutions can help security experts remediate threats before they grow into fully-fledged supply chain attacks.
Internal PAM Defenses
If the outer defenses fail, PAM frameworks can also make good use of internal defense strategies. For starters, identity and access management features let all privileged accounts be accessed and managed from a single interface, ensuring that every access can be accounted for and limiting exposure. Also, encrypting all internal data makes it harder for hackers to set up data exfiltration backdoors.
Identifying Potential Insider Threats
For the most part, insiders who pose a threat aren’t even aware that their careless actions put the system at risk. As mentioned above, proper user and staff education can go a long way toward making the network more secure and harder to breach. Malicious insiders, on the other hand, are more challenging to identify. They can give cybercriminals access to the assets they need to lay the groundwork for a software supply chain attack. Regularly surveying staff for feedback and developing a supportive and open work culture can address critical concerns before stressed or agitated employees become hostile insider threats.
Protecting Valuable Resources
First, security teams need to identify the data that hackers are most likely to target. This can be a hard case to crack, but honeytokens can help teams better understand the motives behind attack attempts.
Sensitive Data Shouldn’t Be Accessible By Everyone
First, experts must identify all access points to sensitive data so that vendors and employees know whether they are accessing sensitive resources or not. The more privileged access roles a network has, the bigger the attack surface, so only the minimum number of privileged accounts should exist. This is especially critical for vendor access, since vendors are usually the first targets in an attack. Mapping out all the access roles to sensitive data goes a long way toward rationalizing the number of privileged users in the system and giving each of them access only to the data their processes actually need.
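The mapping exercise described above can be automated once grants and observed usage are in machine-readable form. The following is an added example, not code from the original article: the sensitive-resource list, the grant table and the usage record are all constructed, and the three functions respectively enumerate the privileged attack surface, list sensitive grants that were never exercised in the review window, and propose a trimmed grant set that keeps non-sensitive access untouched.

```python
# Constructed inventory for this example: which resources count as sensitive, and
# which accounts (employees and vendor service accounts) hold which grants.
SENSITIVE = {"payroll-db", "customer-pii", "source-repo"}
GRANTS = {
    "alice": {"payroll-db", "wiki"},
    "bob": {"wiki"},
    "svc-vendor-backup": {"payroll-db", "customer-pii", "source-repo"},
    "svc-vendor-monitor": {"wiki", "customer-pii"},
}
# Constructed record of what each account actually touched during the review window.
OBSERVED_USE = {
    "alice": {"payroll-db"},
    "bob": {"wiki"},
    "svc-vendor-backup": {"payroll-db"},
    "svc-vendor-monitor": {"wiki"},
}

def privileged_accounts(grants, sensitive=SENSITIVE):
    """Accounts that can reach at least one sensitive resource: the privileged attack surface."""
    return {acct for acct, res in grants.items() if res & sensitive}

def unused_sensitive_grants(grants, observed, sensitive=SENSITIVE):
    """Sensitive grants never exercised in the window: the first candidates for removal."""
    stale = {}
    for acct, res in grants.items():
        unused = (res & sensitive) - observed.get(acct, set())
        if unused:
            stale[acct] = unused
    return stale

def least_privilege_grants(grants, observed, sensitive=SENSITIVE):
    """Proposed grants after trimming unused sensitive access; non-sensitive grants are kept."""
    return {
        acct: (res - sensitive) | (res & sensitive & observed.get(acct, set()))
        for acct, res in grants.items()
    }

if __name__ == "__main__":
    trimmed = least_privilege_grants(GRANTS, OBSERVED_USE)
    print("privileged accounts before:", sorted(privileged_accounts(GRANTS)))
    print("unused sensitive grants:", unused_sensitive_grants(GRANTS, OBSERVED_USE))
    print("privileged accounts after:", sorted(privileged_accounts(trimmed)))
```

On the constructed data the privileged attack surface shrinks from three accounts to two, and both vendor service accounts lose sensitive grants they never used.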
Use a ZTA Architecture
A Zero Trust Architecture assumes by default that every activity within the network is suspicious or malicious, and users can access data only after each request passes a series of checks. These frameworks can be adapted to any supply chain ecosystem, and some advanced options can also secure remote endpoints, which are popular attack vectors.
Assuming The Worst
When you have an “assume breach” mindset, implementing a ZTA framework comes naturally. As the name suggests, this mindset dictates that an attack is bound to happen. It may sound grim, but this shift in philosophy strongly encourages organizations to implement the latest and most complete defense solutions and strategies across the entire network, keeping all three potential attack surfaces secure.
These three compromisable areas are:
- People: As mentioned above, cybercrime awareness training can help users and staff adopt secure practices.
- Processes: Protect all internal processes with Information Security Policies (ISPs) and restrict sensitive data access to the most trustworthy users.
- Technologies: Multifactor authentication, antivirus solutions, attack surface monitoring systems, and other security products can help a great deal in keeping the entire supply chain safe.
Risk Assessment
In reality, vendors will probably not take security as seriously as you do. Because of this, you may need external expert help to ensure that the supply chain is secure enough. An automated threat modeling tool can be vital in identifying security risks: it builds a model of the application architecture that shows how your applications talk to each other and detects vulnerabilities associated with those applications. Third-party risk assessment experts help analyze vendors’ security posture and disclose any concerning weaknesses that need immediate attention. Vendor network vulnerability monitoring services can also help expose both obvious and hidden weak points.
The Importance of a Multi-Faceted Approach
Even though the motives behind a supply chain attack are more or less apparent, the methods hackers use are constantly evolving. Attacks can come from a myriad of angles within an infrastructure, so providers need to stay alert and make the best use of every security solution and strategy to maximize their defenses.