Understanding Supply Chain Attacks

Oct 2, 2024

Supply Chain Attacks and Their Effects on Customers

Agenda

  • What is a supply chain attack?
  • How do supply chain attacks work?
  • Types of supply chain attacks
  • How industries identify supply chain attacks
  • How industries prevent supply chain attacks
  • Common examples
  • Recap

What is a Supply Chain Attack?

  • Definition: A supply chain attack occurs when an attacker gains access to a company's network via vendors, suppliers, or other parts of the supply chain.
  • Complex Nature: Supply chains can have broad and complex relationships, making attacks difficult to spot.
  • Importance of Protection: It’s crucial for companies to protect their distribution network and ensure their partners share the same dedication.
  • Recent Trends: Supply chain attacks have been involved in significant cybersecurity incidents, heightened by the COVID-19 pandemic and a cybersecurity skills gap.

How Do Supply Chain Attacks Work?

  • Exploitation of Trust: Supply chain attacks leverage the inherent trust between entities in the supply chain.
  • Method of Attack: Attackers may use vendors to spread malware; for example, a keylogger on a USB can compromise a retailer’s network to steal sensitive data.

Types of Supply Chain Attacks

  1. Firmware Attacks:
    • Malware introduced into a computer's boot code.
    • Runs as soon as the computer starts, often unnoticed.
  2. Hardware Attacks:
    • Involve physical devices, like USBs, that spread malware throughout the supply chain.
  3. Software Attacks:
    • A compromised application can spread malware across networks by corrupting the source code.

How Industries Identify Supply Chain Attacks

  • Rapid Detection: Essential to preventing damage; modern tools are used to identify threats.
  • Access Management: Implement least privilege access to reduce risks from overly generous permissions.
  • Network Segmentation: Limits the impact of a breach by dividing networks according to business needs.
  • Security Integration: Incorporating security into the development lifecycle helps identify malicious software.

How Industries Prevent Supply Chain Attacks

  • Security Operations Center (SOC): Experts examine and enhance cybersecurity infrastructure.
  • Enterprise Password Management (EPM): Enforces password security policies across the organization.
  • Decoy Attacks: Using red and blue teams to simulate attacks and assess readiness.
  • Emergency Strategy: Always have a backup plan if third-party vendors are compromised.
  • Access Control: Limit vendor access to essential systems only.
  • Cybersecurity Training: Regular training for employees on cybersecurity importance and best practices.

Common Examples of Supply Chain Attacks

  1. SolarWinds: Backdoor in software updates led to data breaches.
  2. NotPetya: Ransomware attack through a compromised update from a Ukrainian accounting firm.
  3. British Airways: Magecart attack compromised customer transactions.
  4. Kaseya: Ransomware gang infected customers through a software provider.
  5. Codecov: Attackers redirected private data from clients due to a vulnerability in a script.
  6. Check Point Research: Identified vulnerabilities leading to potential supply chain attacks.

Recap

  • Overview of supply chain attacks and their mechanisms.
  • Types of attacks, identification, and prevention strategies discussed.
  • Common examples highlighted to understand real-world implications.