What is a Supply Chain Hack/Attack?
Also known as a "value-chain" or "third-part" attack, a supply chain hack occurs when a cyber attacker infiltrates an organization's systems through outside providers or partners with access to your data and systems.
The criminal uses this access to initiate various malicious strategies to interrupt normal business functions and operations.
As a result, the business will either pay a ransom to the hacker or risk losing all data to encryption. It's no surprise that most companies succumb to the hacker's ransom demands.
Why Do Hackers Target Supply Chains?
With the frequency of attacks on the rise, it seems that hackers have more tools and strategies at their disposal. The breach of "FireEye," a government-contracted cybersecurity form, saw hackers make off with its toolkit of hacking tools.
A few days later, the hackers penetrated the systems of Fortune 500 companies using a backdoor created through the "SolarWinds" updating software installed by the security firm. This attack left many top-level companies in America exposed to cyber-attack, with evidence pointing toward Russia as the source of the hack.
BitSight, a security rating firm, estimates the SolarWinds breach could end up costing companies involved in the attack as much as $90-million. The SolarWinds attack also threatened national security in the US, with SolarWinds having access to official government websites.
So far, there are over 250 firms affected by the SolarWinds hack. Surprisingly, the attack also affected cybersecurity firms, including Microsoft and Malwarebytes. Data shows 97% of the top 400 cybersecurity firms experienced data leaks. The same data shows 91 companies have security vulnerabilities.
Understanding Open-Source Threats to the Supply Chain
Supply chain attacks affect more than commercial software. Any organization producing hardware or software for the market is a prospective target for hackers. Bad actors driven by nation-states have skillsets and vast resources at their disposal, allowing for the penetration of the most advanced systems.
The Sonatype 2020 State of the Software Supply Chain Report states supply chain attacks on open-source projects are key issues for organizations. More than 90% of all apps feature open-source code, and some 11% have known security vulnerabilities.
The 2017 Equifax breach is a prime example, where hackers used a vulnerability unpatched Apache Struts framework. Another shocking statistic shows 21% of companies experienced an open-source- breach in the past 12 months.
How Can Companies Protect Against Cyber Attack?
As hackers increase resources and skills around locating and penetrating systems vulnerabilities, companies need to maintain optimal security protocols to stay safe. Start by speaking with us on how to stay protected and secure.