How to Minimize Supply Chain Attack Surface
Today’s supply chains are massive, and a growing number of bad actors are taking advantage of third-party dependencies to initiate a cyberattack. Almost every business uses a cloud-based SaaS provider or hires out tasks to a specialized vendor. This broad network increases the attack surface for any organization.
Attacks on supply chain partners, third-party vendors and acquired companies grew by almost 300% compared with 2020, and 2021 has been called the year of the supply chain attack, a method favored by both cybercriminal organizations and state-sponsored actors. A Microsoft report indicates that Russia, North Korea, Iran, and China have all increased their efforts to find security weaknesses in third-party service providers for a multitude of objectives, including espionage and disruption.
Supply chain attacks take advantage of the often implicit trust between a target organization and its suppliers. Cybercriminals use stolen login credentials to infiltrate a supplier's email accounts, surveil communications, and then launch phishing attacks against the target organization from those accounts. Such attacks are more likely to succeed because the messages really do come from the vendor's infrastructure, and the bad actors exploit the trust organizations place in their vendors. To limit the damage of this type of cyberattack, every organization should focus on minimizing its email attack surface.
How Supply Chain Attacks Work
Businesses rely on third-party vendors and partners to maintain their operations. These vendors may have access to sensitive data within an organization’s network. An IT department may have protocols in place to maintain in-house data protection, but there is a limit to what they can control with their partners.
Cybercriminals have recognized that these often smaller companies can be a gateway for accessing the networks of their partners. These attacks can more easily fly under the radar of a company's security controls because they specifically exploit trust relationships with external parties. While initial entry can happen through different attack vectors, there are three primary stages involved.
Stage 1: Hunt & Infect
The first step involves choosing a target. Cybercriminals want to find a vendor connected to the greatest number of businesses with sensitive information. For example, the SolarWinds supply chain attack, one of the most damaging attacks of recent years, delivered a trojanized update to roughly 18,000 customers across many verticals, including government, consulting, telecommunications, and technology.
In this initial stage, bad actors gain access to the vendor network using weaknesses like insufficient email security or unpatched software vulnerabilities. Once inside, they insert malicious code into the vendor's source code or build process. The next time an update ships, the malicious code is delivered to every customer of the vendor.
Stage 2: Spread & Wait
The next step is spread and wait. Unaware that their products have been tampered with, legitimate software developers and vendors release updates to the public. They sign their updates as usual, so clients accept the new code as coming from a trusted source; a valid signature proves who built the release, not that the build itself was clean.
In a spyware attack, the code may gather and send data like credit card numbers or login information. In other cases, the corrupt code can be a backdoor to install ransomware on an infected network. The cybercriminals can take their time and learn which companies are most likely to pay the ransom before launching the attack.
Stage 3: Attack & Collect
State-sponsored actors are often looking to gather intelligence. They may never make an obvious attack on a company's network, preferring to keep their presence secret. But the focus of cybercriminals is on the payoff. Using the backdoor supplied through the third-party vendor, the attackers infiltrate additional networks and ultimately gain access to email addresses, login credentials, and other forms of PII (personally identifiable information). They can also threaten to leak the company's financial data, intellectual property or trade secrets, or they can seize and encrypt sensitive data. For companies without a reliable, tested backup strategy, data encryption can severely cripple or completely stop business operations.
How to Mitigate the Risks of Supply Chain Attacks
Supply chain attacks are a challenge to navigate. The demands of modern business require external network connections, but minimizing an organization's attack surface is essential for safety. Security teams must develop a comprehensive strategy. The best protection comes when they take steps to reduce both the likelihood and the impact of a successful attack.
Take a Proactive Approach to Cybersecurity
With the threat of attacks through trusted partners, companies cannot assume that they can wait for the signs of infection. The first sign of a problem may be encrypted data and a ransom demand. A proactive approach is needed.
Employing a machine-intelligent email security solution can help mitigate the risks of a supply chain attack. This kind of security software analyzes every email that comes into an organization’s network and looks for unusual patterns. Anything that falls outside the parameters of typical interactions is flagged as a potential threat. A strong email security solution can stop even the most sophisticated attacks.
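The baseline-and-deviation logic described above, and the vendor email compromise scenario from the introduction (a real, authenticated vendor account used to redirect replies and deliver a foreign link), as an added example. This is illustrative code written for this page, not xorlab's product code or its detection logic; all vendors, addresses, domains and messages are constructed, and the 0.8 lookalike threshold and the payment-wording list are assumptions:

```python
"""Anomaly scoring for inbound vendor email (added example, not xorlab code).

A per-vendor baseline is learned from mail that was previously delivered and
known to be benign; each new message is compared with that baseline and every
deviation is reported as a named reason. All data below is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from difflib import SequenceMatcher
from email.utils import parseaddr
from urllib.parse import urlparse

HIGH, LOW = "high", "low"
LOOKALIKE_THRESHOLD = 0.8  # assumption: similarity ratio that counts as a lookalike domain
PAYMENT_WORDS = ("bank account", "wire", "payment details", "iban")  # assumption


@dataclass
class VendorProfile:
    senders: set = field(default_factory=set)          # full addresses seen before
    reply_to_domains: set = field(default_factory=set)
    link_domains: set = field(default_factory=set)
    dkim_passes: bool = False                          # vendor mail normally passes DKIM
    display_names: dict = field(default_factory=dict)  # lower-cased name -> addresses


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def build_profiles(history):
    """Learn one VendorProfile per sending domain from benign historical mail."""
    profiles = defaultdict(VendorProfile)
    for msg in history:
        name, addr = parseaddr(msg["from"])
        addr = addr.lower()
        p = profiles[_domain(addr)]
        p.senders.add(addr)
        reply_to = parseaddr(msg.get("reply_to", ""))[1].lower()
        p.reply_to_domains.add(_domain(reply_to) or _domain(addr))
        for url in msg.get("urls", []):
            p.link_domains.add((urlparse(url).hostname or "").lower())
        p.dkim_passes = p.dkim_passes or msg.get("dkim") == "pass"
        if name:
            p.display_names.setdefault(name.lower(), set()).add(addr)
    return dict(profiles)


def score_message(msg, profiles):
    """Return [(severity, reason), ...]; an empty list means the message matches its baseline."""
    reasons = []
    name, addr = parseaddr(msg["from"])
    addr = addr.lower()
    sdom = _domain(addr)
    profile = profiles.get(sdom)

    if profile is None:
        # Unknown domain: a near-miss of a vendor we do know is a lookalike.
        for known in profiles:
            if SequenceMatcher(None, sdom, known).ratio() >= LOOKALIKE_THRESHOLD:
                reasons.append((HIGH, f"lookalike sender domain {sdom} resembles {known}"))
        # A familiar display name on an unfamiliar address is classic impersonation.
        for kp in profiles.values():
            if name.lower() in kp.display_names and addr not in kp.display_names[name.lower()]:
                reasons.append((HIGH, f"display name '{name}' reused by unknown address {addr}"))
        return reasons or [(LOW, f"no baseline for domain {sdom}")]

    if addr not in profile.senders:
        reasons.append((LOW, f"new sender address {addr} within known domain"))
    reply_to = parseaddr(msg.get("reply_to", ""))[1].lower()
    if reply_to and _domain(reply_to) not in profile.reply_to_domains:
        reasons.append((HIGH, f"reply-to domain {_domain(reply_to)} never used by vendor"))
    for url in msg.get("urls", []):
        host = (urlparse(url).hostname or "").lower()
        if host not in profile.link_domains:
            reasons.append((HIGH, f"link to domain {host} never seen from vendor"))
    if profile.dkim_passes and msg.get("dkim") != "pass":
        reasons.append((HIGH, "DKIM failed or missing although vendor mail normally passes"))
    text = (msg.get("subject", "") + " " + msg.get("body", "")).lower()
    if any(w in text for w in PAYMENT_WORDS):
        reasons.append((LOW, "payment-change language"))
    return reasons


def should_hold(msg, profiles) -> bool:
    """Hold a message for review when any high-severity deviation is present."""
    return any(sev == HIGH for sev, _ in score_message(msg, profiles))


# Constructed history: benign messages from a fictitious vendor.
HISTORY = [
    {"from": "Dana Lee <dana.lee@acme-supplies.com>", "dkim": "pass",
     "urls": ["https://portal.acme-supplies.com/invoices/4401"], "subject": "Invoice 4401"},
    {"from": "Billing <billing@acme-supplies.com>", "dkim": "pass", "urls": [], "subject": "Statement"},
]
PROFILES = build_profiles(HISTORY)

# Benign follow-up: matches the baseline on every dimension.
LEGIT = {"from": "Dana Lee <dana.lee@acme-supplies.com>", "dkim": "pass",
         "urls": ["https://portal.acme-supplies.com/invoices/4471"], "subject": "Invoice 4471"}
# Vendor email compromise: the real, DKIM-passing account, but replies are redirected
# to an attacker domain and the link leads off the vendor's own infrastructure.
VEC = {"from": "Dana Lee <dana.lee@acme-supplies.com>", "dkim": "pass",
       "reply_to": "Dana Lee <dana.lee@acme-supplies-billing.com>",
       "urls": ["https://docs-share.example.net/invoice-4471"],
       "subject": "Updated bank account for invoice 4471"}
# Lookalike domain (transposed letters) carrying the contact's real display name.
LOOKALIKE = {"from": "Dana Lee <dana.lee@acme-suppiles.com>", "dkim": "pass",
             "urls": ["https://portal.acme-suppiles.com/invoices/4471"], "subject": "Invoice 4471"}

if __name__ == "__main__":
    for label, m in (("legit", LEGIT), ("vec", VEC), ("lookalike", LOOKALIKE)):
        print(label, "HOLD" if should_hold(m, PROFILES) else "deliver", score_message(m, PROFILES))
```

The point of the VEC case is that every classic filter passes: the sender is real, the domain is real, and DKIM verifies, because the attacker is sending from the account they stole. Only the comparison with the vendor's own history (reply-to and link domains never used before, plus payment-change wording) exposes it, which is why the baseline must be built per vendor rather than from a global reputation list.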
Assess the Security Posture of Suppliers and Partners
The third-party vendors attached to a company's network are part of its attack surface. Before signing up for their services, it is important to first assess their approach to cybersecurity. Any reputable vendor should be willing to explain their controls and share the results of independent audits. Businesses like payment card processors are also required to obtain security certifications such as PCI DSS. Knowing that a vendor takes a rigorous approach to security offers more protection to any company, though the assessment should be repeated periodically rather than done once at onboarding.
Review IT Security Operations Hygiene
In-house security should be a constant focus. New cyber threats emerge every day, and security teams must do what is necessary to prevent them. They should review controls throughout the business. Are people using strong, unique passwords? Does the organization require two-factor authentication to access the network? When was the last email security training session? Such practices may be a short-term inconvenience, but they can prevent the long-term damage of a successful attack.
There should also be a discussion about how employees and vendors access the network. Remote access paths like RDP must be strictly monitored, kept off the public internet, and treated as high-risk points of entry. A comprehensive approach means knowing how and why people connect to an organization's network.
Protecting Organizations against Supply Chain Attacks
Supply chain attacks will continue to grow as a cybersecurity concern. Hoping for the best is not adequate protection from the overwhelming number and sophistication of attacks. Instead, organizations must take a comprehensive approach to keep sensitive data safe. Well-prepared businesses will pay attention to employee security habits, in-house software vulnerabilities, and the security practices of third-party vendors. Monitoring the safety of every connection will decrease the overall attack surface.
Thousands of emails may travel through an organization’s system every day, so it is a constant security concern. One of the dangers of attacks through third-party vendors is access to email contacts within one’s company. It only takes an accidental click on a link from a trusted account to enable a ransomware attack. A machine-intelligent email security solution like xorlab ActiveGuard helps prevent Vendor Email Compromise and other email-borne threats.
To learn more about how xorlab can help protect your company from supply chain attacks, request a demo today.