No matter what we do, we all want to do the best job we can to make the biggest impact possible. Hackers and cyber-criminals are no different; they want to cause as much chaos as they can. Why attack just one server when you could take down an entire company? Or, perhaps, several companies at once? That’s when they attack the supply chain.
It’s estimated that half of cyberattacks today involve the supply chain. Sometimes, these attacks use the technique of “island hopping,” that is, infecting smaller partners along a supply chain to work up to the higher value target. We saw this in action in the 2013 Target breach; hackers were able to access the Target main network by first compromising a third party vendor.
Other supply chain attacks come as what appear to be normal software updates from an otherwise trustworthy vendor. In these attacks, hackers compromise update mechanisms or other software components to spread malware far and wide. Easily the most infamous of these attacks was the NotPetya attack in 2017, which used a popular Ukranian accounting software to bring Ukraine to a standstill and also caused mayhem for other international companies, including Maersk.
Here are four supply chain attacks from 2019 that you need to know.
At least four times throughout 2019, hackers targeted Airbus suppliers in an effort to get to the main Airbus network to steal corporate secrets. At least one of the attacks targeted the virtual private network (VPN) that Airbus uses to communicate with third-party suppliers.
In May, US Customs and Border Patrol learned that Perceptics, one of its surveillance contractors, had suffered a cyberattack. Hackers were able to access photos of travelers’ faces and license plates, as well as information about surveillance hardware that CBP uses.
In January 2019, Asus discovered that hackers had put backdoors into thousands of their computers using their own update mechanism. Because the hackers were able to compromise a legitimate update package, Asus machines accepted the new, malicious code. Though almost 1 million customers were affected, it appears the attackers were hunting select computers for a second, more targeted attack.
A Chinese Advanced Persistent Threat (APT) has spent the last few years executing supply chain attacks against video game developers in China, and is most recently associated with the backdoor PortReuse. They continue to target video game developers, but are also believed to be connected to the Asus attack and the ShadowPad malware.
Securing your supply chain is crucial in our ever-connected age. Celerium can help—contact us today!