Cyber-attacks have been on the increase around the world, resulting in businesses having their systems infiltrated. These attacks have flow on effects including downstream implications, loss of sensitive information and business reputation damage.
One of the ways malicious attackers are invading organizations is through supply chain attacks. As the words ‘supply chain’ suggest, attackers enter through a network between a supplier and a company. They target the less secure elements of the supply network to help break into other organizations.
How Does It Work
A threat actor installs malicious code or hardware-based spying components into a third-party vendor’s software. As that software is part of an organization’s ecosystem, it then enters that ecosystem. Once it is in, the code is executed, and this is when it causes damage.
Third-party vendors provide software to many companies, and they store sensitive data for multiple clients. This means one supply chain attack results in multiple clients being attacked and suffering a data breach.
The difference between software supply chain attacks and other attacks (e.g., ransomware) is that it progresses slowly, attacks a specific set of users and is more difficult to detect (as the attack is through software that is part of the current business ecosystem).
Maersk Supply Chain Attack
Let’s examine the supply chain attack at Maersk. Maersk is a global logistics company with over eighty thousand staff, operating in one hundred and thirty countries and has over eight hundred ships. The malicious actor gained access via one computer and infected one hundred and seventy offices, four thousand servers, forty-five thousand PCs and two thousand apps over 10 days.
Ports rely heavily on communication and once the systems went down it caused major disruptions at port terminals in the US, India, Spain, and the Netherlands. No one knew where to go, what to pick up, or what was in the shipping containers. This then had a flow-on effect to other companies such as Merck, FedEx, Saint Gobin and many more. The level of destruction and damage was enormous.
This attack has been among the biggest-ever to hit the shipping industry and echoed through the industry given their position as the biggest container shipping company.
On a positive note, Maersk became the first company to reverse engineer malware after the attack. Furthermore, their Board also agreed to share the information from this attack with other impacted organizations, which shows the generosity and values of this organization.
How To Prevent Supply Chain Attacks
Poorly managed supply chain management systems allow these types of attacks. It’s important for organizations to have strict controls in place for their supply network.
Here are some strategies to prevent supply chain attacks.
As can be seen from the Maersk example, a supply chain attack can cripple an organization and have a flow on effect to their clients, and their clients’ clients. By implementing the strategies above as part of your overall IT strategy, this will help prevent attacks on your ecosystem via vulnerable vendor software.
If you’d like to know more about supply chain attacks, your supply chain risk, and how to protect your business, contact the team at Technology Solutions today.
Best advice I’ve got regarding my cybersecurity strategy was to have a zero thrust approach, thus assuming that any user, device or data is exposed to a potential threat until proven otherwise.
2021 has been the year of firsts and it’s not over yet. We had our first cyber threat but luckily, thanks to our excellent IT department we managed to survive unscathed. We’ve switched to AWL in a heartbeat, I’m sorry we didn’t take this step sooner.