Check Point Software Technologies Ltd., a leading provider of cyber security solutions globally, explains how to keep your company safe from a supply chain attack. In recent years, the supply chain has been one of the main targets for cybercriminals. Although this trend is down to a number of factors, one of the most important is, undoubtedly, the cyber pandemic. It is clear that COVID-19 has transformed the modern enterprise, pushing many towards remote working and cloud adoption when they may not have been fully prepared. As a result, security teams are overwhelmed and unable to keep up. According to Check Point’s 2022 Security Report, there was a huge 650% year-on-year increase in supply chain attacks in 2021.
Examples of high-profile supply chain attacks from last year include SolarWinds where a group of cybercriminals gained access to SolarWinds’ production environment and embedded a backdoor in updates to its Orion network monitoring product. Its customers running the malicious update suffered data theft and other security issues. Another example was the REvil ransomware gang that exploited Kaseya, a software company providing software for managed service providers (MSPs), to infect more than 1,000 customers with ransomware. The cybercriminals went so far as to demand a ransom of $70 million to provide decryption keys to all affected users.
The largest-ever distributed denial of service (DDoS) attack was detected in August, with 17.2 million requests per second. The attack was facilitated by the Mirai botnet, targeting an organization in the financial industry. In this specific incident, the traffic originated from more than 20,000 bots in 125 countries worldwide, with almost 15% of the attack originating from Indonesia, followed by India, Brazil, Vietnam, and Ukraine. Mirai was first observed in 2016 targeting Internet of Things (IoT) devices, such as CCTV cameras and routers. Numerous variants of the botnet have emerged since, expanding the list of targeted devices to include Linux routers and servers, Android devices, and more.
How a supply chain attack works
A supply chain attack exploits the trusted relationships between different organizations. It is clear that all companies have an implicit level of trust in other companies, as they install and use their software on their networks or work with them as suppliers. This type of threat targets the weakest link in a chain of trust. If an organization has strong cyber security, but has an insecure trusted supplier, cyber criminals will target it. With a foothold in that provider’s network, attackers can move to the more secure network using that link.
Cybercriminals often exploit supply chain vulnerabilities to distribute malware
It’s common for a supply chain attack to target managed service providers (MSPs), as they have extensive access to their customers’ networks, which is very valuable to an attacker. After compromising the MSP, the attacker can easily expand into its customers’ networks through that trusted access. This gives the attack a much greater impact, and it reaches environments that would have been far harder to break into directly.
Once an attacker has gained access, they can then carry out any other type of cyberattack, including:
- Data breach: Supply chain vulnerabilities are commonly used to perform data breaches. For example, the SolarWinds hack exposed the sensitive data of multiple public and private sector organizations.
- Malware attacks: Cybercriminals often exploit supply chain vulnerabilities to distribute malware into the target company. SolarWinds included the delivery of a malicious backdoor, and the attack on Kaseya used the compromised software to deploy ransomware to its customers.
Best techniques to identify and mitigate supply chain attacks
Despite the danger posed by this threat, there are techniques designed to protect a company:
- Implement a least privilege policy: Many organizations assign excessive access and permissions to their employees, partners and software. These excessive authorizations facilitate supply chain attacks. Therefore, it is imperative to implement a least privilege policy and to assign everyone in the company, as well as the software itself, only the permissions they need to perform their own work.
- Segment the network: Third-party software and partner organizations do not need unlimited access to every corner of the corporate network. To avoid any risk, network segmentation should be used to divide the network into zones based on different business functions. In this way, if a supply chain attack compromises part of the network, the rest will remain protected.
- Apply DevSecOps practices: By integrating security into the development lifecycle, it is possible to detect if software, such as Orion updates, has been maliciously modified.
- Automated threat prevention and risk hunting: Security Operations Centre (SOC) analysts must protect against attacks across all organizational environments, including endpoints, network, cloud and mobile devices.
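The DevSecOps point above (detecting whether an update has been maliciously modified before it is installed) is the one that is easiest to show in code. The following is an added example, not code from Check Point or from any product it describes: a build pipeline publishes a manifest of per-file SHA-256 hashes and authenticates the manifest, and the receiving side refuses any update whose files or manifest do not match. The file names, file contents, and the MANIFEST_KEY are constructed for the example; the HMAC stands in for a real code-signing key pair, which is an assumption of this illustration.

```python
import hashlib
import hmac
import json

# Constructed sample "release": file name -> bytes, standing in for a vendor update bundle.
GOOD_RELEASE = {
    "agent.dll": b"legitimate agent code v1.0",
    "updater.exe": b"legitimate updater v1.0",
}

# Hypothetical manifest-authentication key held only by the build pipeline.
# Assumption: an HMAC stands in for a real code-signing key pair; a production
# pipeline would keep this key in an HSM or signing service, never in source.
MANIFEST_KEY = b"build-pipeline-secret-key"


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a file's bytes."""
    return hashlib.sha256(data).hexdigest()


def canonical_body(hashes: dict) -> bytes:
    """Canonical JSON encoding so signer and verifier hash exactly the same bytes."""
    return json.dumps(hashes, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(files: dict, key: bytes) -> dict:
    """Build time: record every file's hash and authenticate the whole list."""
    hashes = {name: sha256_hex(content) for name, content in files.items()}
    signature = hmac.new(key, canonical_body(hashes), hashlib.sha256).hexdigest()
    return {"files": hashes, "signature": signature}


def verify_release(files: dict, manifest: dict, key: bytes) -> list:
    """Install time: return a list of findings; an empty list means the update is intact."""
    findings = []
    expected_sig = hmac.new(key, canonical_body(manifest["files"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, manifest["signature"]):
        # An attacker who rewrites files and re-lists their hashes still lacks the key,
        # so nothing in this manifest can be trusted; stop here.
        findings.append("manifest signature invalid: manifest itself may have been altered")
        return findings
    for name, expected_hash in manifest["files"].items():
        if name not in files:
            findings.append(f"missing file: {name}")
        elif not hmac.compare_digest(sha256_hex(files[name]), expected_hash):
            findings.append(f"hash mismatch: {name}")
    # Files the manifest never listed are just as suspicious as modified ones.
    for name in files:
        if name not in manifest["files"]:
            findings.append(f"unexpected file not in manifest: {name}")
    return findings


if __name__ == "__main__":
    manifest = build_manifest(GOOD_RELEASE, MANIFEST_KEY)
    print("clean release:", verify_release(GOOD_RELEASE, manifest, MANIFEST_KEY))

    # Constructed tampering: one file modified, one file added, manifest left as published.
    tampered = dict(GOOD_RELEASE)
    tampered["agent.dll"] = b"legitimate agent code v1.0 + injected code"
    tampered["extra-loader.dll"] = b"file the build never produced"
    print("tampered files:", verify_release(tampered, manifest, MANIFEST_KEY))

    # Constructed tampering: attacker also regenerates the manifest, but without the key.
    forged = build_manifest(tampered, b"attacker-guessed-key")
    print("forged manifest:", verify_release(tampered, forged, MANIFEST_KEY))
```

Run as a script it reports an empty list for the clean bundle, the modified and unlisted files for the first tampered bundle, and an invalid manifest for the second. The check belongs in the deployment step that unpacks a vendor update, so a modified build is rejected before any of it executes; the manifest key (or in practice the vendor's signing certificate) must reach the verifier over a channel the update itself cannot alter.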
“Supply chain attacks aren’t new but throughout last year they rapidly increased in size, sophistication and frequency,” explains Sundar Balasubramanian, managing director, India and SAARC, Check Point Software Technologies. “In other words, there was a 650% global increase in supply chain attacks. In a digital landscape that’s increasingly made up of complex interconnections between suppliers, partners and customers, the risk of vulnerability is increasing exponentially and businesses cannot afford to settle for second-best security. The cost of ransomware and remediation can run into the millions, yet it is something that can be avoided by taking a proactive approach to security and having the right technology in place to prevent malware from getting into the network in the first place.”