Cyber-attacks against digital supply chains are on the rise. Supply chain compromises typically seek to introduce security flaws or exploitable features into hardware, software, or digital services, which are then passed on to customers. Last year saw some significant examples of supply chain attacks, including the compromise of managed service providers (MSPs) and several software products.
In 2017, suspected Chinese hackers compromised several global MSPs, which deliver outsourced IT, HR and business services. It is thought that the attackers obtained commercially sensitive data from the MSPs and their clients, which included government agencies.
According to the National Cyber Security Centre (NCSC), MSPs represent a particularly attractive target as they have links to thousands of customers worldwide. Even if a client has strong cyber security, it may find itself vulnerable if a trusted network link to an MSP is compromised.
Last year also saw a number of supply chain cyber attacks targeting software. Between 15 August and 12 September 2017, downloads of a free computer clean-up tool known as CCleaner were infected with malware. The incident is thought to have affected over two million downloads by both individuals and businesses, and resulted in further attacks against large technology and telecommunications companies in the UK, Taiwan, Japan, Germany and the US.
NotPetya, the global malware attack that caused major disruption in June 2017, was also a supply chain attack. Attackers managed to introduce malware into MeDoc, a legitimate software application widely used by businesses in Ukraine for handling tax returns. The compromised MeDoc update infected users of the application, and the malware was then able to spread itself within networks.
Why does it matter?
Supply chain cyber attacks are seen as an increasing threat by cyber security agencies and cyber security firms. Analysis from Symantec identified a 200% increase in attacks where hackers injected malware into the software supply chain. This equated to one attack every month last year, compared to four attacks in all of 2016.
According to the UK’s National Crime Agency, supply chain compromises are extremely difficult, and sometimes impossible, to detect. Network monitoring can detect unusual or suspicious behaviour, but it is still difficult to ascertain whether a security flaw has been deliberately introduced (as a backdoor) or is an error on the part of developers or manufacturers. Services of almost any sort can be affected, particularly if they involve electronic connectivity or data import.
For further information, please contact Sarah Stephens, Head of Cyber, Content and New Technology Risks on firstname.lastname@example.org.