R-CISC BLOG

Targeting the Supply Chain

Threat actors are increasingly targeting supply chain organizations to get around ever more hardened corporate perimeters, modifying their products to achieve a range of potential effects, such as cyber espionage, organizational disruption or demonstrable financial impact.

According to a recent report by the National Counterintelligence and Security Center (NCSC), software supply chain infiltration has already threatened critical infrastructure and is poised to imperil other sectors. China, Russia and Iran were cited as the most capable and active states involved in such economic subterfuge.

As attackers look for new ways to exploit computer networks via the privileged access given to technology providers, software supply chain vendors are becoming increasingly attractive targets. Software supply chain infiltration is therefore one of the key threats that corporations must consider, in particular how software vulnerabilities are exploited.

Past Supply Chain Attacks

In July 2018, hackers compromised a font package installed by a PDF editor app and used it to deploy a cryptocurrency miner on users’ computers. Hackers breached the cloud server infrastructure of a software company providing font packages as MSI files, which were offered to other software companies and ultimately downloaded by the PDF editor app. Because the PDF editor app was installed under system privileges, the malicious coinminer code hidden inside received full access to a user’s system.

In September 2017, a booby-trapped version of CCleaner, a computer-cleaning program, was used to infect millions of machines in order to specifically target 18 companies for espionage, including Samsung, Asus, Intel, VMware, O2 and Fujitsu.

In June 2017, the NotPetya malware (also known as PetrWrap, exPetr, GoldenEye and Diskcoder.C) affected tens of thousands of systems around the world. Researchers initially believed NotPetya was a piece of ransomware, but closer analysis revealed that it was a destructive wiper spread via a backdoor planted in M.E.Doc, an accounting software package that’s used by almost every company in Ukraine.

According to a recent report from CrowdStrike, which surveyed 1,300 senior IT decision makers and security professionals in the U.S., Canada, Mexico, the U.K., Australia, Japan, Germany and Singapore in April and May, two-thirds (66%) of respondents’ organizations have experienced some form of software supply chain attack.

Conclusion

Supply chain attacks are becoming increasingly common, and organizations must pay close attention to their supply chains. Along with rigorously assessing the software supply chain suppliers they use, organizations must close the security gaps that are making them vulnerable to attack. This requires employing effective prevention, detection and response technologies.