Digital supply chain attacks and third-party risks


Content in this page

  • What are digital supply chain attacks?
  • Digital supply chain attacks: Risks and execution
  • Instances of digital supply chain attacks
  • Digital supply chain attacks: Security measures and best practices

What are digital supply chain attacks?

A supply chain consists of all the stakeholders involved in the journey of a product from its inception to its delivery to customers. In the traditional business world, this is mostly linear and the players involved leave the picture once their role is complete.

In the digital era, with businesses moving online and the growth of cloud-based delivery models, digital supply chain players stay connected and actively participate, pushing regular updates to improve the product and offering round-the-clock customer support. This expands the network's attack surface beyond the premises of an organization and makes it more accessible to attackers. When any of these links becomes the victim of a cyberattack, it opens a gateway to the entire ecosystem.

Threat actors are constantly on the hunt for weak links to exploit, compromising chains of businesses through advanced persistent attack techniques.

Here's an example:

  • Firm A is a bank using Firm B's payroll software and Firm C's CRM.
  • Firm B is using Firm D's data analytics application.

In this case, Firm A isn't just susceptible to the vulnerabilities of its direct links, but also to those of the links they bring in, like Firm D. This is a simplified overview: the real world works with several layers of interlocking digital supply chains, each with multiple weak links.
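As an added illustration (not part of the original page), here is a small Python model of the Firm A to Firm D chain above, extended with a hypothetical Firm E, that computes a firm's transitive vendor exposure by tier and the set of firms affected if any one vendor is compromised:

```python
from collections import deque

# Constructed supply-chain graph: each firm maps to the vendors whose products it
# uses. Firms A-D follow the page's example; Firm E is a hypothetical addition.
SUPPLY_CHAIN = {
    "Firm A (bank)": ["Firm B (payroll)", "Firm C (CRM)"],
    "Firm B (payroll)": ["Firm D (analytics)"],
    "Firm C (CRM)": ["Firm E (cloud hosting)"],
    "Firm D (analytics)": ["Firm E (cloud hosting)"],
    "Firm E (cloud hosting)": [],
}


def upstream_exposure(graph, firm):
    """Map every vendor that can reach `firm` to its tier (1 = direct vendor,
    2 = a vendor's vendor, ...). BFS records the shortest, i.e. most direct,
    tier, and the visited check keeps it safe on graphs with cycles."""
    tiers = {}
    queue = deque([(firm, 0)])
    while queue:
        current, depth = queue.popleft()
        for vendor in graph.get(current, []):
            if vendor not in tiers and vendor != firm:
                tiers[vendor] = depth + 1
                queue.append((vendor, depth + 1))
    return tiers


def blast_radius(graph, compromised):
    """Set of firms whose supply chain, at any tier, includes `compromised`."""
    return {firm for firm in graph if compromised in upstream_exposure(graph, firm)}


if __name__ == "__main__":
    exposure = upstream_exposure(SUPPLY_CHAIN, "Firm A (bank)")
    for vendor, tier in sorted(exposure.items(), key=lambda item: item[1]):
        print(f"tier {tier}: {vendor}")
    print("Exposed if Firm D is compromised:",
          sorted(blast_radius(SUPPLY_CHAIN, "Firm D (analytics)")))
```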

Digital supply chain attacks: Risks and execution

Here are some of the risks associated with digital supply chains and how attackers abuse them:

  • Use of social engineering techniques to impersonate third-party vendors and obtain confidential data or monetary benefits.
  • Signing malicious applications with certificates stolen from trusted authorities. In this case, the trusted certificate authority is the third-party risk.
  • Mass phishing and malware campaigns that grab all the low-hanging fruit, such as organizations with no security framework, which then form the weak links.
  • Absence of strong access controls, leading to exfiltration and leaking of sensitive data by third-party insiders who exploit the unwarranted privileges assigned to them.
  • Malware embedded in hardware purchased from third parties.
  • Misuse of widely used open source software, which has increased exponentially in recent years.
  • Exploitation of zero-day vulnerabilities in trusted applications as an entry point.

Once attackers infiltrate the third-party network, they implant malware, steal credentials, establish a command and control channel to download further malware payloads, move laterally by escalating privileges, and persist in the network. They might locate your data, steal it, and demand a ransom, or go on to abuse the access granted to the third parties.

Instances of digital supply chain attacks

  • NotPetya attack: In 2017, the NotPetya malware code, an updated version of the Petya ransomware, was injected into tax and accounting software commonly used by Ukrainian businesses. The malware encrypted the boot code of systems and spread throughout the customer networks, disrupting their operations. No ransom demands were made in exchange for decryption keys, as the sole purpose of this attack was to cause irreversible damage. This attack tops the list of the most devastating digital supply chain attacks, with estimated damages of up to $10 billion.
  • Mimecast: This is an example of a digital certificate abuse attack. Mimecast offers SaaS solutions for email security and management. In 2021, attackers compromised Mimecast's digital certificate used to authenticate users and secure communications. The attack enabled eavesdropping on email communications of Mimecast's customers and resulted in data theft.
  • Gigabyte firmware: Gigabyte, a Taiwan-based motherboard manufacturer, sent out more than 250 models of motherboards with hidden embedded code that is executed during system boot. Though the code was included to update the firmware, security analysts found vulnerabilities that could be hijacked to inject malware. This instance shows third-party risk arising from firmware.
  • Serial abuse of file transfer applications: Managed file transfer applications, commonly used by businesses, have in recent years been involved in multiple data theft incidents, such as the Fortra GoAnywhere, Accellion, and Progress MOVEit attacks. Ransomware groups exploit zero-day vulnerabilities to implant web shells and exfiltrate data. Many chains of high-profile financial, educational, and healthcare institutions, as well as government agencies, have fallen victim to these attacks.

Digital supply chain attacks: Security measures and best practices

Are you the weak link?

Securing the digital ecosystem from supply chain attacks starts with asking whether your organization is the vulnerable link. It's important to establish stringent security mechanisms and follow the cyclical process of continuously monitoring, auditing, and updating your systems and policies.

Here's a list of security best practices for vendors:

  • Audit your application source code for vulnerabilities that might allow attacks like SQL injection and cross-site scripting. Guide and help your employees stay aware of evolving cyber risks and adopt methods for writing clean, secure code.
  • Ensure your customers are informed of the latest updates and are required to apply them to their on-premises applications. For cloud-based products, use cloud access security broker (CASB) protection, encrypt data in transit and at rest, and secure all communications between the customer environment and the data center.
  • Implement defensive strategies, such as conducting penetration testing and vulnerability scanning and deploying honeypots and honeytokens, to divert attackers and capture their techniques.
  • Comply with IT regulatory mandates, be transparent about your data privacy policies with your customers, inform your customers in case of an attack, assist them in securing their networks, and roll out patches immediately.

Security measures for SOCs to protect organizations from digital supply chain risks:

  • Ensure up-to-date inventory management by maintaining a digital inventory of the third-party software used in your organization, and audit the privileges assigned to it and the data it collects from your network.
  • Encrypt all your data, and prevent privilege abuse and privilege escalation by implementing security models like zero trust, role-based access control, and the principle of least privilege.
  • Thoroughly audit the data privacy and security policies of your direct third-party links, and ensure they comply with standard regulatory policies and your industry-specific regulations.
  • Monitor logs of third-party applications installed on-premises and in the cloud, audit the on-premises servers hosting the applications, and check for malicious traffic interacting with those servers.
  • Identify anomalous behavior of third-party accounts logging onto your network, the files they access, and data exfiltration attempts.
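As an added example (not code from the original page or from Log360), the following Python runs the last two checks above over constructed log lines: it flags a hypothetical third-party service account that connects from outside its known source range, acts outside contracted hours, reads data outside its scope, or exceeds a daily read volume. The baseline values and the key=value log format are assumptions.

```python
import ipaddress
from datetime import datetime

# Hypothetical baseline for one third-party service account: known source range,
# contracted hours, scoped data paths, and a daily read limit above which we suspect exfiltration.
VENDOR_BASELINE = {
    "svc_payroll_vendor": {
        "source_net": ipaddress.ip_network("198.51.100.0/24"),
        "work_hours_utc": range(8, 18),
        "allowed_prefixes": ("/hr/payroll/",),
        "daily_byte_limit": 50_000_000,
    },
}

# Constructed sample log lines in a simple key=value format (not real product output).
SAMPLE_LOGS = """\
2024-05-03T09:12:07Z user=svc_payroll_vendor src=198.51.100.20 action=file_read path=/hr/payroll/q2.csv bytes=1200000
2024-05-03T23:05:19Z user=svc_payroll_vendor src=203.0.113.45 action=login path=- bytes=0
2024-05-03T23:06:02Z user=svc_payroll_vendor src=203.0.113.45 action=file_read path=/finance/ledger.db bytes=30000000
2024-05-03T23:09:44Z user=svc_payroll_vendor src=203.0.113.45 action=file_read path=/finance/customers.db bytes=25000000
2024-05-03T11:30:00Z user=alice src=10.0.0.5 action=file_read path=/finance/ledger.db bytes=500000
"""

def parse_line(line):
    ts, *fields = line.split()
    event = dict(field.split("=", 1) for field in fields)
    event["ts"] = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    event["bytes"] = int(event["bytes"])
    return event

def detect(log_text, baseline=VENDOR_BASELINE):
    """Return (timestamp, user, reason) tuples for third-party activity outside its baseline."""
    alerts, daily_bytes = [], {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        rules = baseline.get(ev["user"])
        if rules is None:
            continue  # employee account: not a monitored third-party link
        flag = lambda reason: alerts.append((ev["ts"], ev["user"], reason))
        if ipaddress.ip_address(ev["src"]) not in rules["source_net"]:
            flag("connection from outside the vendor's known source range")
        if ev["ts"].hour not in rules["work_hours_utc"]:
            flag("activity outside contracted hours")
        if ev["action"] == "file_read" and not ev["path"].startswith(rules["allowed_prefixes"]):
            flag("file access outside the vendor's contracted data scope")
        key = (ev["user"], ev["ts"].date())
        daily_bytes[key] = daily_bytes.get(key, 0) + ev["bytes"]
        if daily_bytes[key] > rules["daily_byte_limit"]:
            flag("daily read volume exceeds baseline (possible exfiltration)")
    return alerts
```

In a real deployment the baseline would come from the vendor contract and the account's observed history rather than a hard-coded table.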

ManageEngine Log360, a centralized SIEM solution for advanced threat handling, helps SOCs detect digital supply chain attacks and remediate their effects. Along with real-time log monitoring, alerting, and correlation of activities across the network, the solution also provides CASB for cloud protection and UEBA for machine learning-based anomaly detection. Its integrated global threat feeds and MITRE ATT&CK dashboard help detect blacklisted sources and the attack patterns, tactics, and techniques of threat groups. Access hundreds of predefined reports, hunt for threats, detect incidents, and mitigate them through incident response workflows. Explore the solution now.

  Zoho Corporation Pvt. Ltd. All rights reserved.