Techdee

Historical Software Supply Chain Attacks and How to Avoid Them

A significant number of businesses currently use open-source software, as well as software that contains open-source components or components sourced from third-party vendors. A supply chain attack takes place when malicious actors gain access to an organization's corporate network through a linked application the firm uses, or through a service owned or operated by a third party. This type of assault is called a supply chain attack because it exploits third-party software rather than attacking the organization directly.

Applications and services used by organizations are usually reputable and have been reviewed by security teams, and for that reason they are often granted access to confidential or valuable proprietary data. If the supply chain of one of these applications, for example its open-source code, is compromised for any reason, the organization's sensitive data can be exposed.

This issue grows with the size of your network. Third-party suppliers often use software developed by other companies, and those businesses in turn have their own external and open-source components. Each of these components is a potential entry point for an open-source supply chain attack. Tracking the open-source inventory also helps organizations comply with regulations that may require them to disclose their use of open-source components.

Understanding the Tactics of Historical Software Supply Chain Attacks

Many supply chain attacks have been carried out over the years. Let's look at how some of them were executed and what tactics the attackers used.

The Most Famous SolarWinds Attack

The most recent and infamous supply chain hack is connected to SolarWinds, the company behind the Orion network monitoring platform. In this attack, cybercriminals penetrated SolarWinds' infrastructure and used that access to build and distribute trojanized updates to customers running the software. Once the update was applied, the attacker had full access to the software.

There is a possibility that the software builds for Orion versions 2019.4 HF 5 through 2020.2.1 that were distributed between March 2020 and June 2020 contained a trojanized component. This component was a plugin called SolarWinds.Orion.Core.BusinessLayer.dll, and it is typically distributed as part of the Orion platform updates.

The compromised component was digitally signed and contained a backdoor. Because it carried a valid digital signature, it was trusted by the systems it ran on, and the backdoor was able to communicate with servers controlled by the attacker. The victims included a large number of departments and agencies of the United States government, in addition to other organizations.

Compromise of Target’s POS Software

One of the most serious data breaches in the history of the retail sector occurred in 2013 at Target, a company that operates a huge number of stores and an online marketplace. Between the 27th of November and the 15th of December, attackers stole the debit or credit card details of about 40 million customers from its brick-and-mortar stores. This was made possible by malicious software installed on the point-of-sale system, which captured the card data.

Neither Target's security personnel nor its monitoring system noticed the attack while it was happening. It is believed that the attackers gained access to the Target network through an infiltrated third-party supplier, thought to be Fazio Mechanical Services, which had direct access to the network.

How to Secure Your Organization from Supply Chain Attacks

Every organization uses a lot of different software, so it is necessary to protect the organization from vulnerabilities within that software. Let's look at a couple of methods we can use.

Vendor Review

The most important step in acquiring software for an organization is reviewing the vendors. A vendor review, as its name suggests, determines what kinds of data an application will access, what security systems the vendor has in place, and what incident response program the vendor runs.

When an organization is purchasing software, it is critical to determine what data the software will have access to and whether the software has a security certification such as SOC2. This information helps the organization decide whether to purchase the software in question. These are fundamental tasks that need to be completed before the firm can consider purchasing any software.

Software Bill of Materials

A software bill of materials (SBOM) is a list of all the parts that go into creating a piece of software. The software may include several pre-built libraries and various open-source packages, which may also contain additional resources from other parties.

Malicious actors typically search third-party software packages for vulnerable code they can use to compromise the businesses relying on that software. It is therefore crucial that every piece of the software can be traced back to its origin. With an SBOM, a company can identify and fix affected components as soon as a vulnerability is published for any of them, lowering the risk of a supply chain attack.
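As an added example (not code from the article or from any vendor), the following script shows the two checks an SBOM enables that the SolarWinds section and this section describe: matching listed component versions against an advisory list, and verifying that the files deployed on disk still have the SHA-256 hashes the SBOM recorded. The SBOM shape is CycloneDX-like but simplified; the `file` field, the advisory IDs and all component names, versions and bytes are constructed placeholders.

```python
"""SBOM-driven checks: advisory matching by version, and on-disk hash verification."""
import hashlib
import tempfile
from pathlib import Path

# Constructed advisory list (placeholder IDs, not real CVEs): name -> affected versions.
ADVISORIES = {
    "ADV-EXAMPLE-0001": {"name": "example-plugin", "affected": {"1.4.0", "1.4.1"}},
}


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def find_affected(sbom: dict) -> list:
    """Return (advisory_id, component, version) for every SBOM component at an affected version."""
    hits = []
    for comp in sbom.get("components", []):
        for adv_id, adv in ADVISORIES.items():
            if comp["name"] == adv["name"] and comp["version"] in adv["affected"]:
                hits.append((adv_id, comp["name"], comp["version"]))
    return hits


def verify_hashes(sbom: dict, root: Path) -> dict:
    """Compare each component's recorded SHA-256 with the deployed file. Returns name -> status."""
    results = {}
    for comp in sbom.get("components", []):
        recorded = next((h["content"] for h in comp.get("hashes", []) if h["alg"] == "SHA-256"), None)
        target = root / comp["file"]  # 'file' is our assumed field, not a CycloneDX property
        if not target.exists():
            results[comp["name"]] = "missing"
        elif recorded is None:
            results[comp["name"]] = "unrecorded"
        else:
            results[comp["name"]] = "ok" if sha256_of(target) == recorded else "mismatch"
    return results


def demo() -> tuple:
    """Constructed scenario: one deployed file is altered after the SBOM was produced."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        good, helper = b"original plugin bytes", b"helper bytes"
        (root / "plugin.dll").write_bytes(good)
        (root / "util.dll").write_bytes(helper)
        sbom = {"bomFormat": "CycloneDX", "components": [
            {"name": "example-plugin", "version": "1.4.1", "file": "plugin.dll",
             "hashes": [{"alg": "SHA-256", "content": hashlib.sha256(good).hexdigest()}]},
            {"name": "example-util", "version": "2.0.0", "file": "util.dll",
             "hashes": [{"alg": "SHA-256", "content": hashlib.sha256(helper).hexdigest()}]}]}
        (root / "plugin.dll").write_bytes(good + b" + unexpected change")  # post-SBOM tampering
        return find_affected(sbom), verify_hashes(sbom, root)
```

The hash check only detects drift relative to the SBOM, so an SBOM produced by a compromised build would simply record the trojanized hash; the SBOM must come from a build you trust independently of the artifact it describes.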

Conclusion

Attacks on supply chains are becoming increasingly common. Rather than compromising a piece of software directly, which is hard to do unnoticed, attackers find it easier to compromise one of its components. Such attacks have occurred in the past and caused a significant amount of damage. Therefore, both the organization that produces the software and the organization that uses it must have countermeasures in place that monitor and alert them when a particular piece of code is changed, when the network is accessed, or when anything else of the sort happens. Because even the smallest deviation from these countermeasures could put the integrity of the entire organization at risk, they ought to be followed stringently.
