Supply Chain Attacks: How Cybercriminals Exploit Trust Between Organizations


Posted on February 23, 2022

With a 650% increase in supply chain attacks, Check Point Software says implementing a least privilege access policy, network segmentation, DevSecOps practices, and automated threat prevention are the cornerstones of enterprise security.

New Delhi – Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading global provider of cybersecurity solutions, explains how to protect your business from a supply chain attack. In recent years, the supply chain has been one of the main targets of cybercriminals. Although this trend is due to a number of factors, one of the most important is undoubtedly the cyber pandemic. It’s clear that COVID-19 has transformed modern business, pushing many people toward remote work and cloud adoption when they may not have been fully prepared. As a result, security teams are overwhelmed and unable to keep up. According to Check Point’s 2022 Security Report, there was a whopping 650% year-over-year increase in supply chain attacks in 2021.

Examples of high-profile supply chain attacks from last year include SolarWinds, where a group of cybercriminals gained access to the production environment of SolarWinds and embedded a backdoor in updates of its network monitoring product Orion. Its customers running the malicious update suffered data theft and other security issues. Another example was the REvil ransomware gang that exploited Kaseya, a software company providing software for managed service providers (MSPs), to infect over 1,000 customers with ransomware. Cybercriminals went so far as to demand a ransom of $70 million to provide decryption keys to all affected users.

The largest Distributed Denial of Service (DDoS) attack on record was detected in August, with 17.2 million requests per second. The attack was facilitated by the Mirai botnet, targeting a financial industry organization. In this specific incident, the traffic came from over 20,000 bots in 125 countries around the world, with almost 15% of the attack coming from Indonesia, followed by India, Brazil, Vietnam and Ukraine. Mirai was first observed in 2016 targeting Internet of Things (IoT) devices, such as CCTV cameras and routers. Many variants of the botnet have since emerged, expanding the list of targeted devices to include Linux routers and servers, Android devices, and more.

How a Supply Chain Attack Works

A supply chain attack exploits trust relationships between different organizations. All companies place an implicit level of trust in other companies because they install and use their software on their networks or work with them as suppliers. This type of threat targets the weakest link in a chain of trust. If an organization has strong cybersecurity but relies on an insecure trusted vendor, cybercriminals will target that vendor. With one foot in that provider’s network, attackers can move to the more secure network using that link.

Cybercriminals often exploit supply chain vulnerabilities to distribute malware

It is common for a supply chain attack to target managed service providers (MSPs) because they have extensive access to their customers’ networks, which is very valuable to an attacker. After exploiting the MSP, the attacker can easily expand into its customers’ networks. By exploiting supply chain vulnerabilities, these attackers have a greater impact and can reach areas that would be much more difficult to access directly.

Once an attacker has gained access, they can then perform any other type of cyberattack, including:

  • Data Breach: Supply chain vulnerabilities are commonly used to carry out data breaches. For example, the SolarWinds hack exposed the sensitive data of several public and private sector organizations.
  • Malware attacks: Cybercriminals often exploit vulnerabilities in the supply chain to deliver malware to the target organization. SolarWinds included the delivery of a malicious backdoor, and the attack on Kaseya resulted in the creation of ransomware designed to exploit it.

Best techniques for identifying and mitigating supply chain attacks

Despite the danger posed by this threat, there are techniques designed to protect a business:

  1. Implement a policy of least privilege: Many organizations assign excessive access and permissions to their employees, partners, and software. These excessive permissions facilitate supply chain attacks. Therefore, it is imperative to implement a policy of least privilege and assign everyone in the company, as well as the software itself, only the permissions they need to perform their own work.
  2. Segment the network: Third-party software and partner organizations don’t need unlimited access to every corner of the corporate network. To avoid risk, network segmentation should be used to divide the network into zones based on different business functions. This way, if a supply chain attack compromises part of the network, the rest will remain protected.
  3. Apply DevSecOps practices: By integrating security into the development lifecycle, it is possible to detect whether software, such as Orion updates, has been maliciously modified.
  4. Automated threat prevention and risk hunting: Security operations center (SOC) analysts need to protect against attacks across all organizational environments, including endpoint, network, cloud, and mobile devices.

“Supply chain attacks are not new, but throughout the last year they have rapidly increased in size, sophistication and frequency,” says Sundar Balasubramanian, Managing Director, India and SAARC, Check Point Software Technologies. “In other words, there has been a 650% global increase in supply chain attacks. In a digital landscape increasingly made up of complex interconnections between suppliers, partners and customers, the risk of vulnerability is increasing exponentially and businesses can’t afford to settle for second-tier security. The cost of ransomware and remediation can run into the millions, but it’s something that can be avoided by taking a proactive approach to security and having the right technology in place to prevent malware from entering the network in the first place.”

About Jon Moses
