
What is a Supply Chain Attack


There's an emerging kind of threat known as software supply chain attacks. Attackers target software developers and suppliers, seeking access to source code, build processes, or update mechanisms. The attacker's goal is to infect a legitimate app in order to distribute malware. Attackers hunt for unsecured network protocols, unprotected server infrastructure, and unsafe coding practices. They break in, change source code, and hide malware in the build and update processes.

Because software is built and released by trusted vendors, these apps and updates are signed and certified. In software supply chain attacks, vendors are likely unaware that their apps or updates are infected with malicious code when they're released to the public. The malicious code can then run with the same permissions as the app, and the number of potential victims is significant, given the popularity of some apps.

Imagine if a free file compression app was poisoned and deployed to customers in a country where it was the top utility app. That actually happened in an attack several years ago. Supply chain attacks have steadily increased since. A new cyber-criminal operation discovered by Windows Defender ATP highlights the complexity of supply chain attacks. Attackers targeted a popular PDF editor app; they worked out the installation process and carefully probed the app vendor's server.

They figured out that the server uses one of the vendor's partner servers. The attackers made a replica of this partner server and then modified a single component of the installation package—a fonts pack—to insert coin miner code. They then tricked the vendor's website into connecting to their replica server. As a result, the poisoned fonts pack with malicious coin miner code was silently installed along with the app. It gets worse: this attack compromised a multi-tier supply chain, and it could pose a threat to customers of the six other app vendors that use the same partner vendor. This is the multiplier effect of software supply chain attacks. Software supply chains are fast becoming a popular way to distribute malware.

What steps can software vendors and developers take to ensure apps are not compromised?

  • Maintain a secure and up-to-date infrastructure and restrict access to critical build systems.
  • Build secure software update processes as part of the software development life cycle.
  • Develop an incident response process for supply chain attacks.
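The attack described above succeeded because the installer fetched a component from a partner server and trusted whatever came back. The following is an added example (not code from the original article or from any vendor it describes) of the "secure software update process" step: the vendor pins the SHA-256 of every downloadable component into a manifest that ships inside the signed installer, and the installer refuses any component whose hash does not match. Component names, byte contents, and the dict-based stand-in for the download server are all constructed for the demo.

```python
import hashlib
import hmac

# Constructed sample components, standing in for the files a PDF editor's
# installer fetches from a partner vendor's server (names are hypothetical).
GENUINE_COMPONENTS = {
    "core.bin": b"pdf-editor-core-v1",
    "fonts-pack.bin": b"fonts-pack-v1: Sans, Serif, Mono",
}

# A replica server serving the same file names, but with extra bytes
# appended to the fonts pack (standing in for the injected miner code).
REPLICA_COMPONENTS = {
    "core.bin": GENUINE_COMPONENTS["core.bin"],
    "fonts-pack.bin": GENUINE_COMPONENTS["fonts-pack.bin"] + b"\n;; injected stub",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(components: dict) -> dict:
    """Vendor side, at release time: pin the SHA-256 of every component the
    installer will later download. The manifest ships inside the installer,
    so it is covered by the installer's code signature and cannot be altered
    by someone who only controls the download server."""
    return {name: sha256_hex(blob) for name, blob in components.items()}


def verify_and_install(manifest: dict, server: dict) -> dict:
    """Installer side: fetch each pinned component and install it only if its
    hash matches the manifest. Returns a per-component verdict. `server` is a
    dict standing in for HTTP downloads."""
    verdicts = {}
    for name, expected in manifest.items():
        blob = server.get(name)
        if blob is None:
            verdicts[name] = "missing"
            continue
        # compare_digest avoids leaking where the comparison diverged
        if hmac.compare_digest(sha256_hex(blob), expected):
            verdicts[name] = "installed"
        else:
            verdicts[name] = "rejected: hash mismatch"
    return verdicts


def run_demo() -> dict:
    """Verify the same manifest against the genuine and the replica server."""
    manifest = build_manifest(GENUINE_COMPONENTS)
    return {
        "genuine_server": verify_and_install(manifest, GENUINE_COMPONENTS),
        "replica_server": verify_and_install(manifest, REPLICA_COMPONENTS),
    }


if __name__ == "__main__":
    for server, verdicts in run_demo().items():
        print(server)
        for name, verdict in verdicts.items():
            print(f"  {name}: {verdict}")
```

Against the genuine server every component installs; against the replica, the core component still installs but the modified fonts pack is rejected, so swapping the download server is no longer enough to get code onto the customer's machine. The manifest only helps if it travels inside the signed installer rather than being fetched from the same server as the components.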

How can organizations protect networks against these attacks?

  • Deploy strong code integrity policies to allow only authorized apps to run.
  • Use endpoint detection and response to automatically detect and remediate suspicious activities that can indicate software supply chain attacks.
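To show how the two organization-side controls fit together, here is an added example (not from the original article) of a deny-by-default code integrity policy evaluated over a stream of process-start events, with an EDR-style alert raised when a trusted, allowed process launches something the policy denies. The publisher names, file paths, and events are all constructed for the demo; a real policy would be enforced by the operating system rather than by a script like this.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class ExecEvent:
    """One process-start event as an endpoint sensor might report it (constructed)."""
    path: str
    publisher: Optional[str]  # signer name as verified by the OS, None if unsigned
    parent_path: str


# Constructed code integrity policy: deny by default, allow only binaries
# signed by these publishers.
ALLOWED_PUBLISHERS = {"Contoso PDF Tools", "Example OS Vendor"}


def evaluate(event: ExecEvent) -> str:
    """Code integrity decision: only authorized (allow-listed) signers may run."""
    if event.publisher in ALLOWED_PUBLISHERS:
        return "allow"
    return "deny"


def detect(events: List[ExecEvent]) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Apply the policy to each event and flag a specific pattern: a denied
    execution whose parent was itself allowed. A signed, trusted installer
    launching something the policy does not trust is the kind of activity
    that can indicate a compromised install package."""
    decisions = []
    alerts = []
    allowed_paths = set()
    for ev in events:
        verdict = evaluate(ev)
        decisions.append((ev.path, verdict))
        if verdict == "allow":
            allowed_paths.add(ev.path)
        elif ev.parent_path in allowed_paths:
            alerts.append(
                f"trusted parent {ev.parent_path} started unauthorized {ev.path}"
            )
    return decisions, alerts


# Constructed sample events: a signed installer, an unsigned helper it drops,
# a signed OS tool, and an unsigned binary with no trusted parent.
SAMPLE_EVENTS = [
    ExecEvent(r"C:\Downloads\pdfeditor-setup.exe", "Contoso PDF Tools", r"C:\Windows\explorer.exe"),
    ExecEvent(r"C:\Program Files\PDF Editor\fonts\fontsvc.exe", None, r"C:\Downloads\pdfeditor-setup.exe"),
    ExecEvent(r"C:\Windows\System32\notepad.exe", "Example OS Vendor", r"C:\Windows\explorer.exe"),
    ExecEvent(r"C:\Users\Temp\tool.exe", None, r"C:\Users\Temp\other.exe"),
]


def run_demo():
    return detect(SAMPLE_EVENTS)


if __name__ == "__main__":
    decisions, alerts = run_demo()
    for path, verdict in decisions:
        print(f"{verdict:5} {path}")
    for alert in alerts:
        print("ALERT:", alert)
```

The policy blocks both unsigned binaries, but only the one dropped by the trusted installer produces an alert, which is the signal worth an analyst's attention: the deny itself is the code integrity control doing its job, and the parent-child relationship is what turns it into a possible supply chain indicator rather than ordinary noise.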

Attackers are constantly upping their game, and your software is their next target. Protect yourself, your customers, and your partners by strengthening your protections against software supply chain attacks.


Keywords

  • Software supply chain attacks
  • Source code
  • Build processes
  • Update mechanisms
  • Malware distribution
  • Unsecured network protocols
  • Infrastructure security
  • Incident response process
  • Code integrity policies
  • Endpoint detection and response

FAQ

Q: What is a software supply chain attack? A: A software supply chain attack occurs when attackers target software developers and suppliers to access and compromise software source code, build processes, or update mechanisms, with the goal of distributing malware through legitimate apps.

Q: How do attackers execute software supply chain attacks? A: Attackers hunt for unsecured network protocols, unprotected server infrastructure, and unsafe coding practices. They break into systems, change source code, and hide malware in the build and update processes of the software.

Q: Why are software supply chain attacks particularly dangerous? A: These attacks are dangerous because they compromise trusted software vendors, leading to the distribution of malware through legitimate apps and updates. This can affect a large number of users, given the popularity of some apps.

Q: What measures can software vendors take to prevent supply chain attacks? A: Vendors can maintain a secure and up-to-date infrastructure, restrict access to critical build systems, build secure software update processes, and develop an incident response process specifically for supply chain attacks.

Q: How can organizations protect their networks against supply chain attacks? A: Organizations can deploy strong code integrity policies to ensure only authorized apps run, and use endpoint detection and response systems to automatically detect and remediate suspicious activities indicative of supply chain attacks.