What do the Target attack, Stuxnet worm and ATM malware all have in common? That’s right, they are all examples of supply chain attacks. Businesses are becoming increasingly vulnerable to software supply chain attacks. Learn what they are and how to defend against them.

We’re all familiar with the need to defend the enterprise against adversaries, but it’s important to understand that friends can also become foes. In this post, however, we won’t be talking about insider threats, but vulnerabilities that come from trusted vendors. Software supply chain attacks are on the rise, and they exploit the vulnerable underbelly of many businesses: third-party software that may have been validated in the past but not at the time of an attack.

Rather than attacking an organization directly, a software supply chain attack targets the vendors of apps and other code used by the organization. Typically, the bad actors will look to exploit some weakness in the vendor’s development cycle and attempt to inject malicious code into a signed and certified application. By contaminating update servers or development tools, inserting code into executables or simply replacing real packages with fake ones, adversaries can gain access to victims further along the supply chain.

Two notorious examples that gained much attention were the 2013-4 attack on Target, in which 40 million customers’ credit and debit cards became susceptible to fraud after the POS system in over 1800 stores was infected with malware, and the Stuxnet worm – the world’s first recorded use of a cyber weapon – that impacted the Iranian Bushehr Nuclear Power plant via malicious USB sticks. Other notable cases of supply chain attacks have hit ATMs in Eastern Europe, the US, India and China, allowing criminals to drain the machines of cash and then remove the malware. The malware could only be installed by a person or process with insider access.

Software supply chain attacks pose great danger since they can be difficult to detect by legacy AV solutions. With many 3rd-party software offerings being dependent on external libraries themselves, the compromise could be hidden several layers removed from the intended target.

There’s one simple answer to this question: greater rewards for less work. From the attacker’s point of view, the rewards of a single hack on widely-used software compared to just striking at one corporate target can be huge. It could net hundreds, thousands or even millions of victims: in September 2017, SentinelOne detected and blocked a threat from what should have been a safe application.