Software supply chain attacks explained

By Aravind
Published on March 21, 2022

In networking parlance, supply chain refers to the combined effort of resources (hardware and software), storage (on-cloud and on-premises), distribution mechanisms (websites, applications), and management software to create a solution or an application. Supply chain attacks, also known as third-party attacks, backdoor breaches, or value chain attacks, exploit the weakest link of a supply chain (vulnerable network protocols) to target the supply chain of an organization. These attacks are detrimental to an enterprise's reputation, security posture, and growth, as they enable attackers to compromise multiple areas of a network through a single triggering event.

The occurrence of supply chain attacks in 2021 grew by 300% compared to the previous year, according to the 2021 Software Supply Chain Security Report from Argon Security, which was recently acquired by cloud-native security provider Aqua. This alarming statistic indicates the emergence of supply chain attacks as a potent threat.

How supply chain attacks happen

To execute a supply chain attack, threat actors ensure that their digital footprint (log information, for instance) is nearly invisible. They look for security gaps that are largely overlooked by the organization's cybersecurity teams. To ensure their attack remains covert, the hackers leverage the implicit trust enjoyed by certain entities within the organization's network, such as valued third-party vendors (independent entities or organizations that provide services to the parent enterprise on the basis of a contractual or non-contractual obligation between the two parties). In some cases where the organizational network is highly secure, the attackers might specifically target the third-party vendors for subsequent exploitation.

The attackers take advantage of unprotected servers, unsafe cybersecurity practices, vulnerable software packages, and third-party vendors to infiltrate, tamper with source code, and inject malicious code in the build. One of the major effects of supply chain attacks is the advanced persistent threat (APT) attack, which allows intruders to maintain an extended stay within the network to carry out post-exploitation activities for a prolonged period. An APT is a myriad of cyberattacks carried out stealthily by an individual or a group of threat actors deploying various tactics to endanger a network's security for a prolonged period. APT attacks are generally executed by nation-state actors with the intent to steal data and sabotage resources.

The malware can reach the customers if attackers target the delivery end of the supply chain, which can lead to a widespread infestation. By attacking the MSPs of an organization, threat actors gain wider access to multiple customer networks, thereby making the transmission of malware reach across every endpoint associated with the supply chain.

Supply chain attack examples

Supply chain attacks have gained notoriety among organizations for their stealthy nature and wide scope of infestation. Some prominent cases include:

Backdoor attacks

In 2020, a United States-based software company fell victim to a nation-state attack that led to a major data breach, which affected over 3,000 email accounts and impacted government agencies and several corporations. The attack, known as Sunburst, embedded backdoor code into the targeted organization's platform software, which was then used to access customer and public networks.

Compromise of code integrity

A code integrity issue affected a software testing organization that specializes in code coverage and reporting. Attackers exploited an error to gain unauthorized access and modify the organization's uploader script, which was specifically designed for CI/CD platforms. This operation enabled attackers to export confidential customer information and divert it to an attacker-controlled server outside of the organization's network.

Ransomware attack

The ransomware group REvil exploited a single product of a software solutions provider that caters to MSPs, causing a ripple effect that infected over 1,000 customers. REvil demanded a ransom of $70 million in exchange for publishing a universal decryptor that would recover the affected files.

Third-party attack

In 2014, a retail giant suffered a massive data breach after attackers accessed its customers' sensitive information through an email phishing attack on its third-party HVAC vendor. The attack compromised the personal information of over 70 million customers, and over 40 million credit and debit cards.

Compromise of IoT security

In 2021, a vulnerability was detected in the technical component manufactured by a company that provides remote access to audio and video streams over the internet. The component became part of the supply chain of surveillance cameras and the flaw enabled attackers to gain unauthorized access to confidential audio and video feeds.

Mitigation and prevention of supply chain attacks

To thwart supply chain attacks, it is important for organizations to have a supply chain risk management (SCRM) strategy in place to identify, examine, and mitigate potential risks. The Cybersecurity Supply Chain Risk Management (C-SCRM) program devised by NIST provides organizations with the necessary tools and techniques required to address supply chain vulnerabilities, whether they are foreseen or not.

Implementing honeytokens (which include fake email addresses, fake databases, and executable files) next to business-critical digital assets helps expose the covert presence of cybercriminals. Honeytokens are fake entities that are kept near critical assets to lure cybercriminals into accessing them. Once captured, the compromised honeytokens can be harnessed by administrators to locate the whereabouts of cybercriminals using markers, the dummy information present within honeytokens that doubles as a tracker. Using markers (spurious information) as bait, threat actors can be lured into accessing them, and the compromised marker can be used to track and eliminate the threats.
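The honeytoken idea above can be turned into a detection rule: any log line that references a decoy identity or file is an alert, because no legitimate user has a reason to touch it. The following is an added example, not code from the article or from any product; the marker names, the key=value log format, and the log lines are all constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed honeytoken markers (assumptions, not from the article):
# a decoy mailbox, a decoy database account, and a decoy executable.
HONEYTOKENS = {
    "svc-backup-archive@corp.example": "decoy mailbox",
    "db_finance_ro": "decoy database account",
    r"\\fs01\deploy\vpn-setup-legacy.exe": "decoy executable",
}

# Constructed log lines in a simple key=value format.
SAMPLE_LOG = r"""
2022-03-21T09:14:02Z src=10.0.4.17 user=jsmith action=login target=mail status=ok
2022-03-21T09:15:40Z src=10.0.9.88 user=db_finance_ro action=login target=sql01 status=fail
2022-03-21T09:16:11Z src=10.0.9.88 user=vendor-svc action=read target=\\fs01\deploy\vpn-setup-legacy.exe status=ok
2022-03-21T09:20:55Z src=10.0.4.23 user=akumar action=send target=SVC-Backup-Archive@corp.example status=ok
""".strip().splitlines()

FIELD = re.compile(r"(\w+)=(\S+)")

@dataclass
class Alert:
    timestamp: str
    source: str
    actor: str
    token_kind: str

def find_honeytoken_hits(lines, tokens=HONEYTOKENS):
    """Return an Alert for every log line whose user or target is a honeytoken."""
    lookup = {k.lower(): v for k, v in tokens.items()}  # match case-insensitively
    alerts = []
    for line in lines:
        timestamp = line.split(" ", 1)[0]
        fields = dict(FIELD.findall(line))
        for key in ("user", "target"):
            kind = lookup.get(fields.get(key, "").lower())
            if kind:
                alerts.append(Alert(timestamp, fields.get("src", "?"),
                                    fields.get("user", "?"), kind))
                break  # one alert per line is enough
    return alerts

if __name__ == "__main__":
    for a in find_honeytoken_hits(SAMPLE_LOG):
        print(f"{a.timestamp} honeytoken touched ({a.token_kind}) "
              f"from {a.source} as {a.actor}")
```

Two of the three hits in the sample share one source address, which is the kind of correlation that lets an administrator trace the intruder's position in the network.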

Before roping in third-party vendors, parent enterprises must ensure that they are certified to proven compliance standards. Risk management strategies and mitigation should also address the cybersecurity needs of third-party vendors. An inclusive approach to remediation is the key to ensuring supply chain security.

To prevent the compromise of code, it is essential to have code integrity policies in place. Deployment of such regulations prevents the execution of untrusted or malicious code within a supply chain network. Code integrity, or software integrity, is the measurement of a software's combined ability to achieve higher code coverage during extensively implemented unit testing and integration testing while also taking into account its performance during the quality assurance (QA) process.
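One concrete form of a policy that prevents untrusted code from executing is digest pinning: a build step records the SHA-256 of a script when it is reviewed and refuses to run any copy that no longer matches, which is the control that catches a modified uploader script of the kind described earlier. This is an added example, not code from the article; the file name `uploader.py` and the scenario in `demo()` are constructed.

```python
import hashlib
import hmac
import os
import subprocess
import sys
import tempfile

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def load_if_trusted(path, pinned_sha256):
    """Return the file's bytes only if their digest equals the pinned digest."""
    with open(path, "rb") as fh:
        data = fh.read()
    if not hmac.compare_digest(sha256_hex(data), pinned_sha256.lower()):
        raise PermissionError(f"{path}: digest mismatch, refusing to execute")
    return data

def run_if_trusted(path, pinned_sha256):
    """Execute the exact bytes that were hashed, passed on stdin, so a swap
    of the file between the check and the run cannot change what executes."""
    data = load_if_trusted(path, pinned_sha256)
    result = subprocess.run([sys.executable, "-"], input=data,
                            capture_output=True, check=True)
    return result.stdout.decode()

def demo():
    """Constructed scenario: a reviewed script is pinned, then altered."""
    with tempfile.TemporaryDirectory() as tmp:
        script = os.path.join(tmp, "uploader.py")
        with open(script, "w") as fh:
            fh.write('print("uploading coverage report")\n')
        with open(script, "rb") as fh:
            pin = sha256_hex(fh.read())    # recorded when the script was reviewed
        first = run_if_trusted(script, pin)
        with open(script, "a") as fh:      # simulate an unreviewed modification
            fh.write('print("line added after review")\n')
        try:
            run_if_trusted(script, pin)
            blocked = False
        except PermissionError:
            blocked = True
        return first.strip(), blocked

if __name__ == "__main__":
    print(demo())
```

The pin must be stored and distributed separately from the script itself (for example, in the reviewed pipeline definition); a digest fetched from the same location as the script gives no protection if that location is compromised.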

Organizations and third-party vendors must incorporate efficient patch management and auto update features as a part of their mitigation strategies and software development lifecycle (SDLC). Patch management refers to the steps taken to identify areas within a network that require software patches (bits of code that are stitched onto existing solutions to update their features or solve existing security gaps and bugs) and their subsequent deployment. The SDLC is a framework that encapsulates the myriad of stages undergone by a software solution. Although the number of stages undergone by a software solution varies depending upon its size and complexity, some of the basic phases of a program's SDLC include: planning, analysis, design, development, testing, implementation, and maintenance.

Perceived insider threats must be addressed by implementing UEBA and SIEM-based tools that map user and device behaviors so that any signs of unusual activity can be detected and escalated.

As shadow IT (the collective presence of unauthorized or unadministered entities, both hardware and software, within an organizational network) proves to be a significant attack vector for carrying out supply chain attacks, endpoint security and authorization must be ensured by introducing Zero Trust Network Architecture (ZTNA) and Secure Access Service Edge (SASE), which concentrates its cybersecurity services at the edge of a network, i.e., the endpoint devices connected to the cloud. Additionally, SASE adopts least privilege access by providing minimal and granular access to users.

Users must be wary of malicious messages and social engineering techniques adopted by threat actors to initiate supply chain attacks and the resultant lateral movement. Lateral movement refers to the techniques adopted by cybercriminals to move deeper and spread within the compromised network after gaining unauthorized entry. Lateral movement is executed with the intention to identify valuable and sensitive assets for exploitation. As users are prone to becoming the weakest link of the supply chain, they should be trained to apply safe cybersecurity practices to thwart supply chain attacks.
