Supply chain attacks have been on the radar of many organizations and their security teams for several years. However, since the infamous SolarWinds attack in 2020 – which led to widespread and damaging compromises of data, networks and systems – the supply chain attack vector has taken on a new dimension. Indeed, supply chain attacks have become an effective way for hackers to gain access to large-scale computer networks, and as such are among the most concerning cybersecurity risks facing organizations today.
Supply chain risks come in many forms, ranging from complex to relatively simple. The UK Government Cyber Security Breaches Survey, which explores organizations’ cybersecurity policies, processes and approaches and is used to inform government cybersecurity policy, looked at this issue in its latest report. The 2022 survey finds that only 13% of companies review the risks posed by their immediate suppliers, with that number dropping to 7% for their broader supply chain. Perhaps even more worryingly, many organizations generally perceive “big tech” companies to be “invulnerable to cyberattacks.”
With the SolarWinds attack clearly contradicting this belief, it is vital that organizations across all industries begin to take all types of supply chain risk more seriously. SolarWinds is just one of a growing list of disruptive and damaging supply chain incidents. Another was seen when Kaseya – an IT management software company – suffered a breach in which attackers used malicious updates containing ransomware to target around 50 of its managed service provider (MSP) customers.
This set off a chain of events in which an additional 1,500 customers of these MSPs were also hacked, data was encrypted, and organizations were significantly disrupted as they worked to restore their systems. In some cases, victims are believed to have paid ransom demands but received decryption keys from the attackers that did not restore all of their data.
Securing the supply chain
Among a range of preventative and mitigating factors, better cyber hygiene — specifically the separation of some SolarWinds servers from outgoing Internet traffic — could have thwarted the attackers’ efforts, according to the Cybersecurity and Infrastructure Security Agency (CISA). Improving employee training and standard prevention measures can significantly reduce the chances of a successful supply chain attack.
In addition, CISA also states that a software bill of materials (SBOM) – an inventory of the ingredients that make up a software component – has “emerged as a key element of software security and software supply chain risk management”. Among other things, SBOMs can be used to create security advisories that indicate “if a product or products are affected by a known vulnerability or vulnerabilities”.
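The advisory use case described above, as an added example (not code from the article or from CISA): a minimal SBOM in CycloneDX-style JSON is parsed into a component list and matched against an advisory feed to report which components fall inside an affected version range. The SBOM, the component names and the advisory identifiers are all constructed for illustration; the `ADV-EXAMPLE-*` IDs are placeholders, not real CVEs, and real CycloneDX documents and advisory feeds carry many more fields than this toy handles.

```python
import json
from dataclasses import dataclass

# Constructed minimal SBOM in CycloneDX-style JSON (real documents carry far more metadata).
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "libexample-compress", "version": "1.2.3"},
    {"type": "library", "name": "example-http-client", "version": "4.0.1"},
    {"type": "library", "name": "example-json", "version": "2.9.0"}
  ]
}
"""

# Constructed advisory feed. Identifiers are placeholders, not real CVE numbers.
# "introduced" is inclusive, "fixed" is exclusive; fixed=None means no fix is published yet.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-0001", "component": "libexample-compress",
     "introduced": "1.0.0", "fixed": "1.2.4"},
    {"id": "ADV-EXAMPLE-0002", "component": "example-http-client",
     "introduced": "3.0.0", "fixed": "4.0.0"},
    {"id": "ADV-EXAMPLE-0003", "component": "example-json",
     "introduced": "2.8.0", "fixed": None},
]


@dataclass(frozen=True)
class Component:
    name: str
    version: str


def parse_sbom(text: str) -> list:
    """Extract (name, version) pairs from a CycloneDX-style SBOM; skip entries missing either."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("unsupported SBOM format")
    return [Component(c["name"], c["version"])
            for c in doc.get("components", [])
            if "name" in c and "version" in c]


def version_key(version: str) -> tuple:
    """Turn a dotted version into a tuple of ints so ranges compare numerically (1.10 > 1.9)."""
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_affected(component: Component, advisory: dict) -> bool:
    """True when the component's version lies in [introduced, fixed) for the same component name."""
    if component.name != advisory["component"]:
        return False
    v = version_key(component.version)
    if v < version_key(advisory["introduced"]):
        return False
    fixed = advisory["fixed"]
    return fixed is None or v < version_key(fixed)


def match_advisories(components: list, advisories: list) -> list:
    """Return sorted (name, version, advisory id) triples for every affected component."""
    return sorted((c.name, c.version, a["id"])
                  for c in components
                  for a in advisories
                  if is_affected(c, a))


if __name__ == "__main__":
    for name, version, adv_id in match_advisories(parse_sbom(SBOM_JSON), ADVISORIES):
        print(f"{name} {version} is affected by {adv_id}")
```

The version comparison is deliberately simple; production tooling should use the version scheme of the component's ecosystem (semver, PEP 440, Maven, and so on), and match on a package URL or CPE rather than a bare name, since the same name can exist in several ecosystems.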
Securing the supply chain also means proactively protecting against the risks inherent in the exchange of documents and files. Embedding malware in the most common file types has long been a standard tactic for cybercriminals, who go to great lengths to trick employees into opening them and launching an attack.
The results can be devastating, as seen with the recent breach at cryptocurrency game developer Sky Mavis, which resulted in the world’s largest crypto heist of $620 million. The cybercriminals behind the attack staged an elaborate – and highly persuasive – fake recruitment and interview process via LinkedIn and gained access to Sky Mavis’ servers when an employee opened a job offer letter in PDF format infected with spyware.
But why is it so difficult for organizations to stop these attacks? Today’s cybersecurity tactics frequently rely on detection-based methods to stop malware outbreaks. While these technologies, like antivirus and sandboxing solutions, are essential components of a comprehensive cybersecurity strategy, they also present operational blind spots that can put networks at risk.
For example, reactive security solutions that typically serve as the first line of defense are initially unaware of new vulnerabilities or zero-day exploits. This can cause a “protection gap” that can last up to 18 days until software updates are released and anti-virus programs are updated. As a result, zero-day tactics are now much more effective as anti-virus and sandboxing solutions take time to catch up with these new dangers.
Part of the problem is that 70% of malware found in files at the time they are received is of an unknown form, making it invisible to reactive cybersecurity solutions. Instead, companies should take a proactive approach to file security, using tools such as Content Disarm and Reconstruction (CDR) technology, which quickly cleans and reconstructs files to comply with their manufacturer’s published specification, thus eliminating any potential danger.
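To make the CDR principle concrete, here is an added toy example that is not code from the article or from any CDR vendor: rather than scanning a file for known-bad content, it rebuilds a new file from scratch containing only the elements and attributes on an allowlist derived from the format specification, so anything the specification does not call for simply never makes it into the output. The file format (a small SVG document), the allowlist and the sample input are all constructed for illustration; a real CDR engine handles many formats, parses them fully and validates far more than element names.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
ET.register_namespace("", SVG_NS)

# Allowlist: the subset of the SVG specification this toy knows how to reconstruct.
# Anything absent from these sets (script, foreignObject, event handler attributes, ...)
# is not "detected"; it is simply never copied into the rebuilt document.
ALLOWED_ELEMENTS = {"svg", "g", "rect", "circle", "text"}
ALLOWED_ATTRIBUTES = {"width", "height", "viewBox", "x", "y", "r", "cx", "cy", "fill", "stroke"}

# Constructed sample input: a drawing that also carries active content and an unknown attribute.
SAMPLE_SVG = b"""<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100" onload="handler()">
  <script>/* constructed active content */</script>
  <rect x="10" y="10" width="80" height="80" fill="blue" unknownattr="1"/>
  <foreignObject><div>embedded HTML</div></foreignObject>
  <text x="20" y="50">hello</text>
</svg>
"""


def local_name(tag: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on qualified names."""
    return tag.rsplit("}", 1)[-1]


def rebuild(src: ET.Element):
    """Return a fresh element holding only allowlisted structure from src, or None if src is not allowed."""
    name = local_name(src.tag)
    if name not in ALLOWED_ELEMENTS:
        return None  # the whole subtree is dropped with it
    dst = ET.Element(f"{{{SVG_NS}}}{name}")
    for key, value in src.attrib.items():
        if local_name(key) in ALLOWED_ATTRIBUTES:
            dst.set(key, value)
    dst.text = src.text
    for child in src:
        new_child = rebuild(child)
        if new_child is not None:
            new_child.tail = child.tail
            dst.append(new_child)
    return dst


def disarm_and_reconstruct(data: bytes) -> bytes:
    """Parse the input and serialize a brand-new document built only from allowlisted parts."""
    new_root = rebuild(ET.fromstring(data))
    if new_root is None:
        raise ValueError("root element is not an allowed SVG element")
    return ET.tostring(new_root, encoding="utf-8", xml_declaration=True)


def removed_items(data: bytes) -> list:
    """Report what the rebuild left behind, for audit logging: sorted 'element:NAME' / 'attribute:NAME'."""
    removed = []

    def walk(el):
        name = local_name(el.tag)
        if name not in ALLOWED_ELEMENTS:
            removed.append(f"element:{name}")
            return
        for key in el.attrib:
            if local_name(key) not in ALLOWED_ATTRIBUTES:
                removed.append(f"attribute:{key}")
        for child in el:
            walk(child)

    walk(ET.fromstring(data))
    return sorted(removed)


if __name__ == "__main__":
    print(disarm_and_reconstruct(SAMPLE_SVG).decode())
    print("removed:", removed_items(SAMPLE_SVG))
```

The important property is that `disarm_and_reconstruct` never needs a signature for the active content it discards: the output is generated from a specification-derived allowlist, so an unknown technique in the input is handled exactly like a known one, which is what closes the protection gap the previous paragraph describes.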
By doing so, security teams not only reduce the protection gap that threatens the integrity of their networks, but they also relieve staff members of the burden of acting as gatekeepers to the infrastructure. As CISA also puts it, today’s threat actors have “the resources, patience, and expertise to access and gain privilege over highly sensitive information.” Until organizations can more effectively secure the supply chain, they will remain vulnerable to increasingly sophisticated adversaries.
Paul Farrington is Product Manager at Glasswall.