In the past several years, we've seen an uptick in cyber threat activity. In fact, many cyber-espionage groups, such as Dragonfly, are becoming especially bold when attacking an organization’s weakest links: their third-party supply chains.
Let’s discuss why supply chain cyber attacks are gaining momentum so you can prepare for and prevent a similar exploit against your company.
The software supply chain has many touch points, from app development to product deployment. This includes any open-source code, your development team’s contributions, and — of course — any components provided by third parties.
First, let’s be clear: threat actors will look for and target any weak points in your software supply chain. Even if you already have a cybersecurity plan in place for your organization, your third-party components may not have the same protection, which could result in a data breach if left unchecked. The top reasons why third-party supply chain attacks are increasing, as well as supply chain cyber attacks in general, include:
Businesses everywhere trust third-party solutions to make operations easier. From the reporting tools you use to quantify your metrics to the vendor who manages your cybersecurity needs, we all trust software solutions or service providers and share a certain level of access to our data with them.
Threat actors recognize this — and have been increasingly targeting suppliers in digital attacks, knowing they can gain access to a deep chain of associated companies with just one breach. By compromising the right supplier, a bad actor amplifies their reach, not only gaining access to their target’s data but also the partner data they possess.
Not only can threat actors access more companies than the single supplier they target, but they can also often gain access to higher-payout victims. While the bad actors may not be able to compromise the security defenses of these highly protected organizations on their own, supply chain attacks mean they really don’t need to.
Instead, threat actors only need to find a way in through an organization’s partner and capitalize on the trust that the company has in its current partners to launch secondary cyber attacks.
Threat actors continue to find new and creative ways to wipe their digital footprints and cover their attacks. Incident responders can often trace the indicators of compromise (IOCs) of a supply chain attack and see the path the bad actors took to amplify their reach, but it can be hard to attribute the breach to a specific threat actor.
While malicious code can be analyzed and reviewed for signs of technique based on previously investigated cyber attacks, sophisticated bad actors know how to throw investigators off track.
While there have been a number of supply chain attacks over the past several years, here are two examples that stand out:
Change Healthcare is a medical tech company that operates the largest clearinghouse in the U.S. for insurance billing and payment.
On February 21, 2024, Change Healthcare had to shut down its services due to a supply chain attack caused by the infamous hacker group, BlackCat. The group was able to compromise credentials and access Change Healthcare’s private portal. The downtime had detrimental consequences for many businesses and customers, including the inability to bill insurance providers and collect revenue. Unfortunately, Change Healthcare is still bearing the true cost of the data breach: as of June 2024, it is not operating at full capacity.
In December of 2023, Toyota Financial Services in Germany was shut down after being hit with a ransomware attack.
The ransomware gang, known as Medusa, compromised sensitive data and held it for an $8 million ransom. It’s suspected that they used a vulnerability in a third-party application, Citrix NetScaler, to gain data access. Toyota had to notify customers that over two million customer records were exposed to the threat actors behind the ransomware attack.
Bad actors look for trusted vendors and leverage that access to compromise companies. To safeguard against these types of breaches, it’s crucial to understand the security measures of suppliers — not just your own.