Supply-chain Attacks

Apr 01, 2020

Upon completion of this video, you will be able to describe damage done to organizations by targeting less secure elements in the supply network.

In this short video, we're going to cover the topic of "Supply Chain Attacks", which is real and prevalent. Especially in times of disruption that may come from, let's say, a virus, the supply chain becomes even more vulnerable. A "supply chain attack" is also called a "value chain" or "third-party attack". The attacker infiltrates a system through an outside partner, a vendor or a provider with access to your systems and/or data. It's a form of a side channel attack.

For example, the Stuxnet virus was introduced into an air-gapped area, a nuclear facility, because a vendor brought a laptop in. The risks of supply chain attacks against sectors and software are growing due to new attack variants, to growing public awareness and increased oversight from regulators. In 2018, 56 percent of organizations had suffered a breach that was caused by one of their vendors or their partners.

Here's an example of a supply chain attack kill chain. Notice in the upper right-hand corner, we have our "Trusted supplier". The malware or the virus is injected into a supplier computer. Typically, it's going to be a mobile device or a laptop. Then the data breach exfiltrates data through a chain of servers, making it difficult to trace.

And again, they're leveraging trust relationships and federated access to different servers between organizations and their vendors and their partners. The malware then spreads, often as part of a worm or a distributed denial-of-service attack, to critical infrastructure, to a company's network, the supplier system, the day-to-day company IT systems and other critical services. The contractor usually accesses their system either remotely, over the Internet, or by physically plugging in infected devices on the site.