If you had to name the organisations that you could trust to keep your business-critical information safe, your suppliers would probably be high on that list. But, thanks to a growing type of cyber attack, your supply chain could be an open backdoor that lets hackers into your network.
What’s a supply-chain attack?
A supply-chain attack is when hackers exploit security weaknesses in one system or company to gain access to another organisation that buys its products. For example, a hacker could hide malware in a software update that is then automatically distributed from an unknowing supplier to thousands – even millions – of trusting customers.
A growing cyber security threat
In 2017, a malicious backdoor was discovered in the security tool CCleaner. The backdoor was used to deliver malware to selected targets who had installed the otherwise legitimate tool. The distribution method resembles that of Nyetya (NotPetya), which used the legitimate update mechanism of the MeDoc financial software to install and distribute wiper malware.
These types of attack are on the rise. According to a November 2018 study by Opus & Ponemon Institute, 59 percent of companies in the US and UK said they had experienced a data breach caused by one of their vendors or third parties.
It’s a major concern – not least because it goes against everything we thought we knew about trust and cyber security. Speaking about the CCleaner incident, Craig Williams from Cisco Talos said:
Protecting your business against supply-chain attacks
Protecting against supply-chain attacks is vital for both vendors and customers. Whether you’re buying or selling technology, you need to ensure that you’re not the weak link in the chain.
Endpoint protection – securing your own and your employees’ laptops, tablets and work phones – is a crucial first step. The Cisco Talos researchers discovered the CCleaner attack while testing the company’s new exploit-detection technology for a customer. The rogue file gave itself away because it kept triggering the Cisco Advanced Malware Protection systems.
Using your network itself to detect anomalies provides another layer of defence. Tools like Cisco Umbrella have data analysis systems and threat intelligence integration which can block common malware methods. These include domain generation algorithms, which an infected computer uses to create domain names that it then contacts to receive its commands. If you’re new to network security, we’ve produced a simple checklist for SMBs which covers the basics.
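A simplified illustration of spotting the domain-generation behaviour described above in DNS resolver logs. This is an added example, not code from Cisco Umbrella or from the original article; the log format, the sample lines and the thresholds are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log: "<client> <queried name> <response code>".
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 mail.example.org NOERROR
10.0.0.9 xkqjvbzrtwpl.com NXDOMAIN
10.0.0.9 qzwhvxkdpmrtj.net NXDOMAIN
10.0.0.9 bvtrkzqmxwjh.org NXDOMAIN
10.0.0.9 www.example.com NOERROR
10.0.0.7 intranet-portal.example.net NXDOMAIN
"""

def entropy(label):
    """Shannon entropy of a label, in bits per character."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def looks_generated(qname, min_len=10, min_entropy=3.3, max_vowel_ratio=0.25):
    """Heuristic (assumed thresholds): long, high-entropy, vowel-poor label."""
    parts = qname.lower().rstrip(".").split(".")
    # Simplification: treats the last label as the TLD (wrong for e.g. co.uk).
    label = parts[-2] if len(parts) >= 2 else parts[0]
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    return entropy(label) >= min_entropy and vowel_ratio <= max_vowel_ratio

def flag_hosts(log_text, min_hits=3):
    """Return {client: sorted suspicious names} for clients with at least
    min_hits distinct failed lookups of generated-looking names."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        client, qname, rcode = fields
        # A DGA host tries many names; most are unregistered, so they fail.
        if rcode == "NXDOMAIN" and looks_generated(qname):
            hits[client].add(qname.lower())
    return {c: sorted(n) for c, n in hits.items() if len(n) >= min_hits}

if __name__ == "__main__":
    for client, names in flag_hosts(SAMPLE_LOG).items():
        print(client, "queried", len(names), "generated-looking names:", names)
```

A heuristic like this produces false positives on legitimate random-looking names, so it is a triage signal for investigation rather than a blocking rule.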
Protecting the integrity of your product – including any open-source components or off-the-shelf modules you include in it – should be as central to your development process as design and testing. The Register reported that in the twelve months leading up to September 2018, the use of compromised open source components was up 120 per cent. Hackers have even started inserting vulnerabilities directly into the code in the hope they will make it into released software.
The UK National Cyber Security Centre has produced a guide to supply-chain security, which goes into more detail about the steps you can take and covers types of attack beyond those described in this article.
You can also use our network security checklist for SMBs to get up to speed on the basics of protecting your business from online threats.