Let’s work together
Want to discuss potential opportunities? Pick the most suitable way to contact us.
Book a call
+370 5 2 780 400
info@ba.lt
Imagine waking up one morning.
You pick up your phone and instantly notice that your internet connection is slow, and that apps and other online services are unavailable. At first, it might not seem like a big problem – a detox in the era of digital devices and services might benefit your well-being.
At the same time, your phone is running out of charge, although it has been plugged in to charge all night. You soon realise that there is no electricity or water. As time passes, you still cannot access anything online, which may ruin your plans. You do not have to be an Instagram influencer to get anxious without access to the internet or other necessary resources. Imagine remote working, online shopping, and food ordering suddenly becoming impossible.
For us, the possibility of sending and receiving information at any time has become so natural that we get anxious when this chance is taken from us. You might be in such a situation after a successful mass-scale supply chain attack.
This blog post explains what a supply chain attack is and how to prevent and manage the risk of experiencing one.
A supply chain attack happens when a malicious hacker compromises the security of a specific software product.
Let us say a specific remote management system called “Remote Amadeus” is installed on every employee’s machine. When an attacker manages to hack the company whose product it is, the hacker or a group of hackers in a mass-scale attack inserts malicious code into the product and distributes it to the product’s end-users.
The distribution process might be triggered manually. Alternatively, the attacker might wait for it to happen naturally, when the user updates the software to the latest version, which now carries the malicious code.
As a result, the end-user is compromised. What might a hacker do with the affected user’s machine? It might vary from exfiltrating sensitive data to entirely encrypting user files and demanding ransom. The potential consequences the user might experience will depend on the machine’s security defence layers. Up-to-date machines with antivirus software, correct user permissions, and configured firewall rules will be affected less.
The potential harm to the infected machine and the other devices residing in the network might be minimal if the network is well-architected. However, the risk is significantly higher when there are various vulnerable systems across the network or when some business devices use default passwords.
Therefore, it is crucial to keep the devices on the corporate network updated and perform periodical security assessments on the infrastructure devices and security mechanisms.
It is worth mentioning that software is not the only thing that can be affected by a supply chain attack. Hardware and firmware supply chain attacks are also possible, although these are less common than software supply chain attacks.
The compromise of a third-party vendor might result in a supply chain attack. Unfortunately, many events of this kind are not released to the press. Some supply chain attacks, however, are so big that they cannot be ignored. Among recent supply chain attacks, there were some noticeable ones:
Compromising a target through a supply chain attack is so complex that it is often financially not worth it for individual criminals. Well-financed advanced persistent threats (APTs), however, have enormous resources and tend to achieve their goals by any means.
Supply chain attacks are significant if the APT’s goal is to cause disastrous losses for a government or corporation. The more widely the software is used, the more hosts can be compromised during the supply chain attack.
Some supply chain attacks are associated with the governments of different nations. For example, Russia is believed to be behind the SolarWinds attack. The US applied sanctions against Russia for the attack. It is hard to imagine how many resources were put into this attack, which resulted in 18 000 organisations being compromised. According to Microsoft, at least 1000 engineers were working to create this supply chain attack.
Another example of a nation-sponsored attack is ShadowHammer. ASUS Live Update Utility software was infected with malware. Moreover, the digital signature was also compromised, so the software looked official as it was signed by ASUS. China is considered to be behind this attack, which affected more than a million users worldwide.
A solid IT infrastructure starts with essential security hygiene. Here are some of the ways to maximise the security level against supply chain attacks:
Supply chain attacks might have devastating consequences for anyone connected to the internet. Not only might you become a victim, but your device might also spread the malicious code to other machines. What is the scary thing about such attacks? The bigger the ones affected by the attack, the higher the number of victims it creates. Supply chain attacks may disrupt various critical government or business activities.
Are you looking for effective ways to prevent a supply chain attack? Then ensure your IT infrastructure security hygiene. If you need any strategic consultations regarding that, feel free to contact our Baltic Amadeus team.