Supply Chain Attack

As part of an attack, malicious actors find ways to infiltrate the system’s supply chain (through malware, tampered hardware, or false information). This is typically achieved by replacing a legitimate system component with a tainted one or by directly tampering with an existing component.

The Supply Chain Attack process

The vast majority of supply chain attacks target the “weakest link” of the supply chain, which typically is a vendor with fewer resources allocated to cyber security, thus presenting an easier target for malicious actors.

Although there’s a high incidence of supply chain attacks in the IT sector, they can affect a variety of other highly connected sectors, such as retail, airlines, and the pharmaceutical industry.

The risks of Supply Chain Attacks

Poorly managed supply chain management systems can become significant hazards for cyberattacks, which can lead to the loss of sensitive customer information, disruption of the manufacturing process, and damage to a company's reputation.

This type of attack has major consequences regarding sensitive data: it creates breaches that can expose customers' sensitive information.

Supply chain attacks are often a means to distribute malware and inject it into a system. These can be, for example, worms, viruses, spyware, or trojan horses.

In software development, these attacks typically happen by inserting malicious code into a code dependency or third-party service. Common software supply chain attack objectives include:

1. Violating confidentiality (intercept): gaining unauthorized access to information;

2. Reducing integrity (modify, fabricate): cause the system to malfunction; cause end users to mistrust the information and information system, or cause end users to do unintended actions;

3. Reducing availability (degrade, interrupt): making the system and information or resource unavailable when they are needed;

4. Using resources for harmful purposes (unauthorized use or usurpation): consequently, it violates the confidentiality, integrity, or availability of other resources that trust the information asset being attacked by the adversary (as they don’t know it is compromised).

Web Supply Attacks advantages to attackers

When compared to typical cyberattacks, web supply chain attacks provide three main advantages to attackers:

1. Lack of privilege separation on the Web: all pieces of third-party code have the same privileges as code developed internally. As a result, external code can harvest any user input, add extra code, hijack events, modify the behavior of the web page, tamper with other code in the same scope, and contact any external domain, possibly exfiltrating data.

2. Targeting multiple companies with a single attack: using the same dependency or script in different companies increases the potential return on investment for the attack. A breach of 20 maintainer accounts would trigger an attack on over half of the entire Web ecosystem.

3. Remaining undetected by perimeter defenses: these attacks are often initiated by an embedded change to a component that is trusted by default; an approved delivery mechanism such as a software update can deliver the Web Supply Chain Attack without causing any suspicion by network defenders.

We highlight several strategies and steps to detect and prevent software supply chain attacks:

1. One of the main ways to protect against supply chain attacks is to enforce strong code integrity policies to allow only authorized applications to run. This must include endpoints, networks, the cloud, and mobile devices.
   
   Also, using endpoint detection and response solutions that can automatically detect and correct suspicious activity helps prevent supply chain attacks. Integrating security into the development process would also allow us to identify if the software has been maliciously modified.
   
   

2. Another step in the prevention strategy is focused on gaining client-side visibility. Companies can achieve this by using webpage inventory technology that actively monitors the client side, looking for signs of malicious behavior. Some examples of typical supply chain attacks are third-party script tampering with a payment form, personal data being sent out to an unknown domain, etc.
   
   

3. After gaining visibility, companies need the ability to block malicious behavior, ideally without disrupting the customer experience. This is where it can get even trickier, as some novel security approaches are often unstable and can break the entire website.
   
   A proper mitigation strategy involves blocking the source of the malicious behavior in real-time. This is useful regardless of the plan of action used by the attackers. It is vital to ensure that no data is leaked and to keep the user experience intact throughout the process.
   
   

4. Requiring multi-factor authentication for administrators can also be an efficient way to add a layer of security while implementing a low-privilege policy and giving everyone in the corporate environment only the permissions they need to work.
   
   Regarding third-party software and partner organizations, it’s important to remember that they also do not need unlimited access to every corner of the corporate network.