A supply chain attack consists of compromising digital providers of external services, such as Internet service providers, telecommunications providers, software providers, external service providers, hardware providers, etc., with the aim of infiltrating a target organization from there.

Attackers look for insecure network protocols, unprotected server infrastructures, and insecure encryption practices. They get in, change the source code, and hide malware in the build and update processes. Because the software is built and released by trusted vendors, these applications and updates are signed and certified. In software supply chain attacks, vendors may not be aware that their applications or updates are infected with malicious code when they are released to the public. The malicious code then runs with the same trust and the same permissions as the application.
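The following added example (not part of the original article) shows why a valid vendor signature does not reveal a compromised build: the signing step signs whatever the build produced, so only a comparison against an independent rebuild from the reviewed source flags the change. The `build` function, the key, and both source strings are constructed for illustration, and HMAC stands in for a real asymmetric code signature.

```python
import hashlib
import hmac

# Constructed stand-in for the vendor's code-signing key. A real vendor would
# use an asymmetric key pair; HMAC keeps the example standard-library only.
VENDOR_SIGNING_KEY = b"constructed-demo-key"

# Constructed sample inputs: the source the vendor reviewed, and the same
# source after being altered inside the build environment.
REVIEWED_SOURCE = "def poll(): return read_metrics()"
TAMPERED_SOURCE = REVIEWED_SOURCE + "\ndef extra(): pass  # inserted code"


def build(source: str) -> bytes:
    """Hypothetical deterministic build: same source always gives the same artifact."""
    return ("BIN:" + source).encode()


def sign(artifact: bytes) -> str:
    """Vendor release step: signs whatever artifact the build system produced."""
    return hmac.new(VENDOR_SIGNING_KEY, artifact, hashlib.sha256).hexdigest()


def signature_valid(artifact: bytes, signature: str) -> bool:
    """The check an updater performs before installing the release."""
    return hmac.compare_digest(sign(artifact), signature)


def matches_independent_rebuild(artifact: bytes, reviewed_source: str) -> bool:
    """Compare the shipped artifact with a rebuild made from the reviewed source."""
    shipped = hashlib.sha256(artifact).digest()
    rebuilt = hashlib.sha256(build(reviewed_source)).digest()
    return hmac.compare_digest(shipped, rebuilt)


def evaluate_release(built_from: str, reviewed_source: str) -> dict:
    """Run both checks on a release that was built from `built_from`."""
    artifact = build(built_from)
    signature = sign(artifact)
    return {
        "signature_valid": signature_valid(artifact, signature),
        "matches_rebuild": matches_independent_rebuild(artifact, reviewed_source),
    }


if __name__ == "__main__":
    print("clean release:   ", evaluate_release(REVIEWED_SOURCE, REVIEWED_SOURCE))
    print("tampered release:", evaluate_release(TAMPERED_SOURCE, REVIEWED_SOURCE))
```

Both releases pass the signature check; only the rebuild comparison separates them, which is why it has to be performed outside the compromised build environment.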

Example of a supply chain attack

A clear example of this type of attack is the one suffered by SolarWinds: a group of hackers compromised the software provider and managed to ship an update containing the Sunburst malware for Orion, its well-known network monitoring application. In this way, they could infect the networks of the companies or institutions where it is deployed.

This type of attack can be carried out in several different ways, such as:

▸ Compromised specialized code sent to hardware or firmware components

▸ Compromised software build tools or update infrastructure

▸ Malware pre-installed on devices such as USB, phones, printers, etc.

▸ Stolen code signing certificates or malicious applications signed using the identity of the development company
