CIO Bulletin
13 December, 2021
‘In the first quarter of 2021, supply chain attacks rose by 42% in the US alone’– Chartered Institute of Procurement and Supply (CIPS)
Supply chain attacks are attacks by malicious actors that exploit the relationships of trust between legitimate parties in business operations. The attacker's purpose is to gain unauthorised access to a single organisation, or a group of organisations, that supplies services or products to other organisations, and to implant backdoors into those services or products that clients and partners rely on. Companies in the tech, gas and oil industries are often targeted because of the sheer number of businesses and people that depend on their services.
Supply Chain Attacks on the Rise
A key issue with supply chain attacks is that even when you are working with trusted and legitimate software, doubt is cast on how safe your data actually is. As a client, you must consider how secure your vendors' code is, and how much trust you should place in their processes and technology.
‘Supply chain, phishing, and ransomware attacks reflect a broader trend that cyber criminals want to exploit multiple organisations through a single point-of-attack.’ – Eva Velasquez, CEO Identity Theft Resource Center (ITRC)
‘Organisations can often put their customers at risk by using things like open-source code to deliver their services/solutions. But as threat groups continue to get more sophisticated, and grow in number every day, a lack of control on elements, such as code, creates an easy opening for attackers to infiltrate.’ – Eleanor Barlow, Content Manager, SecurityHQ
This is why more supply chain attacks have been seen over the last year than ever before.
Example 1: Rapid7/Codecov Supply Chain Attack
Codecov, a San Francisco based tech company, fell victim to a cyber security attack that impacted users around the globe, including the cyber security company Rapid7. Codecov is known for providing code coverage and testing tools, and reported that its Bash uploader script was manipulated, which affected its tools including the Codecov CircleCI Orb, the Codecov GitHub Action and the Codecov Bitrise step. A supply chain attack of this size is significant not only to Codecov's own business, but to the businesses of every company employing Codecov or its associated technologies. The attackers exploited Codecov's software and used the organisation as a medium to compromise its customers' networks.
Example 2: Accellion File Transfer Appliance Attack
Accellion, known for its File Transfer Appliance (FTA), was in the process of moving all of its customers over to new services as the FTA was reaching its End-of-Life. During this migration, attackers exploited 4 zero-day vulnerabilities to deploy a web shell on the server, which was then used to exfiltrate personal and private customer data from a vast selection of databases. The targets within these databases included large cyber security organisations. The issue is that while a cyber security company may have everything correctly implemented on its own side, it trusted that its vendor was doing the same and did not account for a weakness on the vendor's side.
Mitigations
If you are concerned about the impact of these breaches, or think you have been breached, report an incident or contact a security expert.