The Cyber Attack a Business Never Saw Coming: Supply Chain Attacks

8 tips to secure your network against software supply chain attacks

Cybersecurity is a priority for IT specialists in every industry, and one emerging threat getting a lot of attention is the software supply chain attack. In this case, cyber thieves infiltrate computer systems via software that has been infected at the distribution center. While not as familiar as things like phishing scams, this type of attack is becoming more common. It’s also becoming more costly.

Let’s explain how this happens and provide 8 tips to secure your network against this threat.

What is a software supply chain attack?

First, it’s important to understand how software supply chain attacks differ from other types of cyber events. Whereas many cyber thieves use infected emails or malware links from unauthorized websites, supply chain attacks target software developers and suppliers. They literally go to the source in order to infiltrate computer systems.

Supply chain attacks originate from a third party that has access to your system. According to a 2018 Microsoft report, “The goal is to access source codes, build processes, or update mechanisms by infecting legitimate apps to distribute malware.”

How these attacks work

Software programs, as well as a range of apps, operate through source codes. In the simplest terms, these codes tell the computer what to do. Supply chain attacks occur when a cyber thief manages to change the source codes. Malware is hidden within the code so that it is automatically installed during the next update. In many cases, the vendor doesn’t know about the problem until after the update has happened.

Supply chain attacks don’t always happen because of software updates in your internal systems. They can also originate from software used by an outside third party that has access to your network, including data management companies, email providers, web hosting companies, vendors, and subcontractors. Attacks can even target JavaScript, which collects analytics and data.

Types of supply chain attacks:

  • Compromised software building tools or updates
  • Stolen code-sign certificates or signed malicious apps
  • Compromised specialized code within hardware or firmware components
  • Pre-installed malware on devices (cameras, USB, phones)

Of course, the problem doesn’t just affect the specifically targeted tools. These attacks are often designed to infiltrate and proliferate across entire networks.

“Once the software is affected it can them make its way into other software that’s more widely deployed,” according to Supply Chain Dive.

Why supply chain attacks are difficult to fight

All businesses rely on the vendors who distribute the programs they use every day. The software comes from trusted sources. The users, in turn, trust that updates are safe. The authors of software supply chain attacks are well aware of this relationship and they exploit it.

“Because software is built and released by trusted vendors, these apps and updates are signed and certified … vendors are likely unaware that their apps or updates are infected with malicious code when they’re released to the public. The malicious code then runs with the same trust and permissions as the app,” according to Microsoft.

How to prevent software supply chain attacks

There are steps you can take to prevent this threat:

  1. Install all software updates – While malware does often get introduced during software updates, it is still the best practice to make all updates from trusted providers as soon as possible. Sometimes the new update with help eliminates the original malware infection.
  2. Secure socket layers and digital signatures – Secure socket layers (SSL) is a protocol that transmits documents via the Internet. SSL is a cryptography system that requires two keys to encrypt (and then unlock) sensitive data. Digital signatures are meant to ensure that that data or code has not been altered in transit.
  3. Establish a strong code integrity policy – A code integrity policy is a file containing the rules that security software and firewall systems will enforce. It measures the quality of source code and ensures that it is written correctly.
  4. Employ endpoint detection – This relates to computer networks that remotely connect things like laptops, tablets, smartphones, and other wireless devices. Endpoint detection or security establishes protocols and compliance standards to protect these devices.
  5. Limit the use of external software – If you don’t actually need or require certain software to make your systems run or perform vital functions, don’t use it.
  6. Avoid freeware – A big source of supply chain attacks comes from freeware, which is the software you can download without paying for it. Do you really need that software? If not, don’t download it. You should also think twice before downloading web browser extensions and plugins.
  7. Use IDS/IPS systems – IDS stands for Intrusion Detection System, whereas IPS means Intrusion Prevention System. Both systems monitor networks and look for anomalies or other signs of malicious activity.
  8. Implement patch management – Path management is used to help your system manage updates. Many of the patches enhance security in the network.

Cyber attacks can come from a variety of directions, including external software supply chain attacks from vendors. Your business could be at risk—so use these 8 tips to help secure your network.

CyberGuard360 offers state-of-the-art security systems to help monitor and protect against cyber attacks. We also provide a wide array of other services, including risk assessment, compliance management, education and training, and disaster recovery. Call us at 844-315-9882 or reach us via our online contact form.