Cyber-attacks have been on the increase around the world, resulting in businesses having their systems infiltrated. These attacks have flow-on effects, including downstream implications, loss of sensitive information and damage to business reputation.
One of the ways malicious attackers are invading organizations is through supply chain attacks. As the words ‘supply chain’ suggest, attackers enter through a network between a supplier and a company. They target the less secure elements of the supply network to help break into other organizations.
How Does It Work
A threat actor installs malicious code or hardware-based spying components into a third-party vendor’s software. As that software is part of an organization’s ecosystem, it then enters that ecosystem. Once it is in, the code is executed, and this is when it causes damage.
Third-party vendors provide software to many companies, and they store sensitive data for multiple clients. This means one supply chain attack results in multiple clients being attacked and suffering a data breach.
The difference between software supply chain attacks and other attacks (e.g., ransomware) is that a supply chain attack progresses slowly, targets a specific set of users and is more difficult to detect (as the attack comes through software that is part of the current business ecosystem).
Maersk Supply Chain Attack
Let’s examine the supply chain attack at Maersk. Maersk is a global logistics company with over eighty thousand staff and over eight hundred ships, operating in one hundred and thirty countries. The malicious actor gained access via one computer and infected one hundred and seventy offices, four thousand servers, forty-five thousand PCs and two thousand apps over 10 days.
Ports rely heavily on communication, and once the systems went down it caused major disruptions at port terminals in the US, India, Spain, and the Netherlands. No one knew where to go, what to pick up, or what was in the shipping containers. This then had a flow-on effect to other companies such as Merck, FedEx, Saint-Gobain and many more. The level of destruction and damage was enormous.
This attack has been among the biggest ever to hit the shipping industry, and it echoed through the industry given Maersk’s position as the biggest container shipping company.
On a positive note, Maersk became the first company to reverse engineer malware after the attack. Furthermore, their Board also agreed to share the information from this attack with other impacted organizations, which shows the generosity and values of this organization.
How To Prevent Supply Chain Attacks
Poorly managed supply chain management systems allow these types of attacks. It’s important for organizations to have strict controls in place for their supply network.
Here are some strategies to prevent supply chain attacks.
This means all network activities are deemed suspicious and must undergo a strict list of policies to be allowed access to sensitive information and intellectual property.
Use Honeytokens and encourage vendors to use them too
Honeytokens are fake words or records within a database/software. This tactic allows administrators to track data, identify who stole it and how it happened.
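A minimal sketch of the honeytoken idea described above, added here as an illustration and not taken from the original article. Each data recipient gets its own fake record, so an audit-log hit shows which copy of the data was touched; the recipient names, demo key and log format are constructed assumptions.

```python
import hashlib
import hmac
import re

# Assumption: demo key only; a real key would live in a secrets manager.
SECRET = b"constructed-demo-key"
TOKEN_RE = re.compile(r"acct-[0-9a-f]{12}@example\.invalid")


def make_honeytoken(recipient: str) -> dict:
    """Build a fake customer record that is unique to one data recipient."""
    tag = hmac.new(SECRET, recipient.encode(), hashlib.sha256).hexdigest()[:12]
    return {
        "name": f"Canary {tag[:6].upper()}",
        "email": f"acct-{tag}@example.invalid",  # never a real mailbox
    }


def build_index(recipients):
    """Map each planted e-mail address back to the recipient that holds it."""
    return {make_honeytoken(r)["email"]: r for r in recipients}


def scan(lines, index):
    """Return (line_number, recipient, line) for every line touching a honeytoken."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for email in TOKEN_RE.findall(line):
            owner = index.get(email)
            if owner is not None:  # ignore look-alikes that were never issued
                hits.append((number, owner, line))
    return hits


def demo():
    index = build_index(["internal-crm", "vendor-a", "vendor-b"])
    planted = make_honeytoken("vendor-b")["email"]
    # Constructed audit-log lines; only the second one reads a planted record.
    log = [
        "2021-09-01T10:02:11Z user=svc_report src=10.0.4.17 lookup=alice@example.com",
        f"2021-09-01T10:05:43Z user=svc_sync src=10.0.9.3 lookup={planted}",
        "2021-09-01T10:06:02Z user=svc_sync src=10.0.9.3 lookup=acct-000000000000@example.invalid",
    ]
    return scan(log, index)


if __name__ == "__main__":
    for number, owner, line in demo():
        print(f"ALERT line {number}: honeytoken issued to {owner} was accessed -> {line}")
```

Because no legitimate process has a reason to read a honeytoken record, any hit is worth investigating, and the per-recipient tag narrows down where the data left from.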
Minimize access points to sensitive information
This strategy restricts access to sensitive data to the users who really need the information. This reduces the access points to data that are available to malicious actors for this type of activity.
With the increase of remote working and home offices, staff are connecting unapproved software and external devices to their work laptops. This gives malicious actors more ways to access your business ecosystem and cause damage. Rules need to be implemented to close off these access points so they cannot be used for malicious attacks.
Assess third-party vendors on a regular basis
Some software vendors may not have strict cybersecurity strategies in place, which puts their software at risk of attack; this subsequently puts your business ecosystem at risk. Assessing your vendor's security rating on a regular basis will prevent such attacks and show the vendor that cybersecurity is important to your business.
Change the mindset of the organization from ‘it won’t happen’ to ‘it will happen.’ This means that your organization’s cyber defense strategies will be more vigorous and active, helping to prevent supply chain attacks from occurring.
Educate your staff on cybersecurity
Excellent security practices are a great way to defend your company, as staff are aware of attacks and how they occur. This allows them to notify you of anything suspicious, as they are aware of how it happens and what to look for.
As can be seen from the Maersk example, a supply chain attack can cripple an organization and have a flow-on effect to their clients, and their clients’ clients. Implementing the strategies above as part of your overall IT strategy will help prevent attacks on your ecosystem via vulnerable vendor software.
If you’d like to know more about supply chain attacks, your supply chain risk, and how to protect your business, contact the team at Technology Solutions today.
Best advice I’ve got regarding my cybersecurity strategy was to have a zero trust approach, thus assuming that any user, device or data is exposed to a potential threat until proven otherwise.
2021 has been the year of firsts and it’s not over yet. We had our first cyber threat but luckily, thanks to our excellent IT department, we managed to survive unscathed. We’ve switched to AWL in a heartbeat; I’m sorry we didn’t take this step sooner.