Repeatable attacks and a low barrier to entry will ensure the rate of supply chain attacks increases next year, cybersecurity researchers have warned.
The supply chain is now an established attack vector for threat actors. By compromising a centralized service, platform or piece of software, attackers can either infiltrate the customers and clients of the original – single – victim en masse, or pick out the most valuable potential targets.
This saves cybercriminals time and money, as a single successful attack can open the door to potentially thousands of victims at once.
A ransomware attack on Kaseya in 2021 highlighted the disruption that a supply chain-based attack can cause. The ransomware was deployed by exploiting a vulnerability in Kaseya’s VSA software, leading to the compromise of multiple Managed Service Providers (MSPs) in Kaseya’s customer base.
However, only a small number of companies were affected in that case. One of the most powerful examples in recent years is the SolarWinds breach, in which a malicious update was deployed to approximately 18,000 customers.
The attackers behind the intrusion then selected a handful of high profile customers to further compromise, including many U.S. government agencies, Microsoft, and FireEye.
In an analysis of 24 recent software supply chain attacks, including those suffered by Codecov, Kaseya, SolarWinds and Mimecast, the European Union Agency for Cybersecurity (ENISA) said that the planning and execution of supply chain attacks are typically complex – but the attack methods chosen often are not.
Supply chain attacks can be carried out through the exploitation of software vulnerabilities, malware, phishing, stolen certificates, compromised employee credentials and accounts, vulnerable open source components, and firmware tampering, among other vectors.
But what can we expect from supply chain security in 2022?
Low barriers to entry
Speaking to ZDNet, Sonatype Field CTO Ilkka Turunen said malicious supply chain activity is likely to increase in 2022 because of low-barrier-to-entry attack methods such as dependency confusion, which is a “highly reproducible” method of attack.
“It’s a no-brainer to use if the actor’s goal is to affect as many organizations as possible,” Turunen commented. “Add a cryptominer to a dependency confusion attack, and not only does a business have to worry about the effect this is having on its software ecosystem, the actor has now monetized it.”
Brian Fox, the technical director of the enterprise software company, added that the majority of threat actors today are imitators, and that “trendy” – or “attack of the day” – attacks carried out by fast-acting threat actors will increase the number of supply chain intrusions next year.
Attacks will increase as the perimeter is redefined
In a world of Internet of Things (IoT) devices, working from home, hybrid cloud/on-premises configurations and complicated digital supply chains, old security models are no longer suitable.
According to Sumo Logic CSO George Gerchow, companies “still grapple” with the concept of not having a defined defense perimeter. While pursuing digital transformation projects, they fail to account for the extended attack surface that new applications and services can create.
“CISOs and IT security teams still don’t have a place around the table, and security is always the last step in the process. Over the next year, organizational leadership teams will begin to realize this. Boards of directors are increasingly concerned with security due to the hype around ransomware and extortion, which forces them to be concerned with security concerns.”
Companies that now increasingly depend on components, platforms and services delivered at different levels of a supply chain will also need to be aware of this reality, and security will therefore need to be verified – and enhanced – including outside the companies’ own networks.
Ransomware incidents will increase
Ransomware is now one of the most lucrative areas of cybercrime, with high ransom demands and extortion tactics that include permanent encryption and the threat of disclosing sensitive information.
With a record ransom payment of $40 million made in 2021, ransomware is likely to start appearing more often in supply chain attacks.
However, it takes planning, knowledge and skill. Splunk security strategist Ryan Kovar believes cybercriminals on their way to becoming “pro” are likely to be the ones who combine ransomware and supply chain attack vectors.
“By attacking the supply chain, attackers can hold an organization’s data for ransom, and research indicates that two-thirds of ransomware attacks are committed by low-level scammers who have purchased ransomware tools from the Dark Web,” says Kovar. “With the current supply chain crisis leaving supply chains more vulnerable than ever, organizations must prepare for the inevitability of ransomware attacks against their supply chains.”
Technical debt will have to be paid
As companies begin to scan the digital supply chain for weak spots, they will also confront their levels of “technical debt” – described by Stuart Taylor, senior director at Forcepoint X-Labs, as the difference between “the ‘price’ that a technical project would have to cost to be sustainable and secure, and the ‘price’ that an organization is willing to pay in reality.”
Forcepoint expects to see a “significant” increase in copycat supply chain attacks next year. Taylor commented:
“Software that is still in use cannot be left behind, with updates and fixes being ignored. It couldn’t be an easier way for attackers to gain a foothold. Supply chain malware can cause – something no organization can afford to ignore.”
Lack of transparency regarding components, software and the security posture of actors within a supply chain also continues to be a problem for suppliers today.
In light of recent and debilitating attacks such as SolarWinds, Gary Robinson, CSO at Uleska, estimates that over the next 12 months more companies will require a security-focused bill of materials, potentially as part of the due diligence in future procurement and supply chain agreements.
SBOMs are inventories of software and components designed to bring transparency to the software in use across an enterprise. They can include vendor lists, licenses, and security audit assurances.
“Organizations will also move to continuous security assurance, where vendors will be required to provide up-to-date security reports,” predicts Robinson. “A security report from six months ago will no longer address the security concerns of an update that shipped yesterday. This security gap is directly related to the company’s own security assurance, and vendors will need to catch up.”
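The two paragraphs above describe what an SBOM holds (vendors, licenses, integrity data) and why a vendor assurance report goes stale once newer code ships. The following script is an added example, not code from the article or from any of the companies quoted: it parses a small CycloneDX-style SBOM constructed inline, flags components with an unvetted supplier, no license, no integrity hash, or a version below a known-fixed release, and checks whether a security report still covers the latest release. The component names, hashes, advisory id `ADV-EXAMPLE-001` and approved-supplier list are all made up for the example.

```python
import json
from datetime import date

# Constructed sample SBOM in CycloneDX-style JSON. Every component, version and
# hash here is made up for this example and does not describe a real project.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "left-pad", "version": "1.3.0",
         "purl": "pkg:npm/left-pad@1.3.0", "supplier": {"name": "npm"},
         "licenses": [{"license": {"id": "MIT"}}],
         "hashes": [{"alg": "SHA-256", "content": "ab" * 32}]},
        {"type": "library", "name": "widget-parser", "version": "3.1.4",
         "purl": "pkg:npm/widget-parser@3.1.4", "supplier": {"name": "npm"},
         "licenses": [{"license": {"id": "Apache-2.0"}}],
         "hashes": [{"alg": "SHA-256", "content": "cd" * 32}]},
        # Internal package recorded without license or hash: an SBOM gap.
        {"type": "library", "name": "internal-auth", "version": "2.0.1",
         "purl": "pkg:npm/internal-auth@2.0.1",
         "supplier": {"name": "Example Corp (internal)"}},
    ],
})

# Constructed advisory feed: package name -> (advisory id, first fixed version).
ADVISORIES = {"widget-parser": ("ADV-EXAMPLE-001", "3.2.0")}

# Suppliers the organisation has vetted (hypothetical); anything else is flagged.
APPROVED_SUPPLIERS = {"npm", "Example Corp (internal)"}


def parse_version(version):
    """Turn '3.1.4' into (3, 1, 4) so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))


def parse_sbom(text):
    """Return the component list from a CycloneDX-style JSON document."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("unsupported SBOM format")
    return doc.get("components", [])


def audit_components(components, advisories=ADVISORIES, approved=APPROVED_SUPPLIERS):
    """Surface the gaps an SBOM review exists to find: an unvetted supplier,
    a missing license, a missing integrity hash, or a version older than the
    first fixed release in an advisory. Returns a list of finding strings."""
    findings = []
    for comp in components:
        label = f"{comp['name']}@{comp['version']}"
        supplier = comp.get("supplier", {}).get("name")
        if supplier not in approved:
            findings.append(f"{label}: supplier {supplier!r} not on approved list")
        if not comp.get("licenses"):
            findings.append(f"{label}: no license recorded")
        if not comp.get("hashes"):
            findings.append(f"{label}: no integrity hash, artifact cannot be verified")
        advisory = advisories.get(comp["name"])
        if advisory and parse_version(comp["version"]) < parse_version(advisory[1]):
            findings.append(f"{label}: affected by {advisory[0]} (fixed in {advisory[1]})")
    return findings


def assurance_is_current(report_date_iso, latest_release_iso):
    """A vendor security report only vouches for code shipped on or before
    the report date; a newer release leaves an uncovered gap."""
    return date.fromisoformat(report_date_iso) >= date.fromisoformat(latest_release_iso)


if __name__ == "__main__":
    for finding in audit_components(parse_sbom(SAMPLE_SBOM)):
        print("FINDING:", finding)
    # Six-month-old report versus a release shipped afterwards: not current.
    print("report current:", assurance_is_current("2021-06-01", "2021-11-30"))
```

Run it as-is to see three findings (the advisory match on widget-parser and the two recording gaps on internal-auth) and a stale assurance report. In a real pipeline the SBOM would come from the build system, the advisory feed from a vulnerability database, and the check would run on every release rather than once at procurement time.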