
The growing threat of supply chain cyberattacks

NetworkTigers explores the rising dangers of supply chain cyberattacks.

As supply chains worldwide have become increasingly interdependent, hacks that target them have become more common. A supply chain cyberattack can incapacitate not only one company but every organization that relies upon it.

What are supply chain cyberattacks?

A supply chain cyberattack targets the relationships and networks between a company and its trusted vendors, contractors, or partners. Companies often grant these third-party vendors access to their systems, financial data, and customer information to streamline business operations. However, this access creates vulnerabilities that hackers can exploit. Instead of attacking the company directly, the hacker infiltrates the trusted vendor’s systems, using it as a gateway into the target organization.

Because companies often rely on numerous third-party vendors for software, services, and data exchanges, a cybercriminal only needs to breach one of these vendors to compromise the entire supply chain. Even if a company invests heavily in cybersecurity, there’s no guarantee that all vendors have the same level of protection. A breach in just one vendor can result in the theft of sensitive data, financial loss, or a complete disruption of business operations.

How trust vulnerabilities enable supply chain cyberattacks

Once an employee is hired, you trust them with access information like login credentials, passcodes, and file access. Similar bonds of trust are often built between a company and its vendors, but without the level of vetting and internal checks that an employee working inside the company undergoes. Instead, a company might automatically greenlight invoices from a trusted vendor, allow them access to shared systems, offer financial information to streamline payments, download their applications and software updates, and exchange customer data.

Supply chain cyberattacks prey upon these bonds of trust to infiltrate a company. Unlike the threat coming from inside the house, the danger is coming from a trusted friend or neighbor. Even if your company has invested heavily in cybersecurity and conducts regular system screenings, there is no guarantee that all of your vendors are doing the same. It only takes one third-party company that does not take its cybersecurity seriously to take down an entire supply chain.

Supply chain hacks by the numbers

  • Since 2018, there has been a 2,600% increase in reported supply chain attacks. 
  • In 2023, over 245,000 recorded open-source software incidents targeted supply chains. 
  • Successful supply chain hacks in 2023 led to approximately $82 million in losses. 
  • By 2025, approximately 45% of organizations worldwide are predicted to have experienced a software-based supply chain cyber threat, according to Gartner. 

How do supply chain cyberattacks happen?

Supply chains are, by nature, interconnected, making them valuable targets for hackers. Some of the main industries targeted by supply chain hacks are the financial sector, health care, energy and the electric grid, airspace, and defense. These industries tend to rely heavily on third-party vendors, whose software can allow hackers to access their systems. 

Hacks that occur through supply chain software tend to be “upstream server attacks.” This means that one company’s poisoned software affects every company that is “downstream” of it. Some of the most common ways that these supply chain cyberattacks happen are:

  • Phishing attempts, like sending fake invoices
  • Stolen SSL and code-signing certificate attacks, where private keys used for authentication are stolen, allowing hackers access to secure websites and cloud storage systems
  • Social engineering efforts that rely upon using trusted names and known credentials from an infiltrated vendor to convince your employees to share information
  • Dependency confusion attacks, where false dependencies are registered and then incorporated into software builds
  • Hardware hacks, though rarer, involve physical devices like routers, keyboards, or tablets being compromised to provide access.
  • Ransomware, where a hacker may use initial access to download malware onto a vendor’s system and hold connected networks hostage.
  • Open source attacks, where poisoned code is introduced into open source software, which is then unknowingly propagated into additional builds
  • CI/CD infrastructure attacks, where malware is introduced into development automation infrastructure. One example is a GitHub repository that is cloned and then passed off as a safe source.
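
As an added example (not part of the original article), this Python check audits a pip requirements file for the dependency confusion exposure listed above: when `--extra-index-url` is configured, pip searches every index with no priority between them, so an internal package name can also be satisfied by a same-named package on the other index. The `acme-` internal prefix, the index URLs, and the sample manifest are constructed assumptions.

```python
import re

# Constructed sample manifest (not from the article). "acme-" is a hypothetical
# internal naming prefix; index URLs and hash values are placeholders.
SAMPLE_REQUIREMENTS = """\
--index-url https://pypi.internal.example/simple
--extra-index-url https://pypi.org/simple
requests==2.31.0 --hash=sha256:aaaaaaaa
acme-billing>=1.2
Acme_Auth==3.0.1
acme-utils==0.9.0 --hash=sha256:bbbbbbbb
"""

def normalize(name):
    """PEP 503 name normalization, so Acme_Auth and acme-auth compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def audit(requirements_text, internal_prefix="acme-"):
    """Return sorted (package, finding) pairs for dependency-confusion exposure."""
    entries, extra_index = [], False
    for raw in requirements_text.splitlines():
        line = raw.split(" #")[0].strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("--extra-index-url"):
            extra_index = True  # a second index is consulted alongside the first
            continue
        if line.startswith("-"):
            continue  # other global options such as --index-url
        match = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)", line)
        if match:
            entries.append((normalize(match.group(1)), match.group(2)))
    findings = []
    for name, spec in entries:
        internal = name.startswith(internal_prefix)
        if internal and extra_index:
            findings.append((name, "internal name resolvable from a second index"))
        if internal and not re.match(r"==\s*[^*\s]+(\s|$)", spec):
            findings.append((name, "version not pinned exactly"))
        if "--hash=" not in spec:
            findings.append((name, "no --hash pin"))
    return sorted(findings)

if __name__ == "__main__":
    for package, finding in audit(SAMPLE_REQUIREMENTS):
        print(f"{package}: {finding}")
```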

Recent and notable supply chain cyber attacks

  1. SolarWinds 2020 hack: Russian actors injected Trojanized code into the Orion software for Texas-based network management company SolarWinds. This software intrusion affected approximately 18,000 customers, including the federal government, and allowed remote file access.
  2. MOVEit 2023 hack: Ransomware gang Cl0p gained access to file transfer site MOVEit via a zero-day vulnerability. This supply chain hack infected around 2,300 known companies and 65 million individuals. The MOVEit hack is thought to have cost around $10 billion globally.
  3. Kaseya 2021 ransomware: Managed service providers (MSPs) were infected by REvil ransomware through a supply chain hack set in motion through a routine software update. The Kaseya hack ultimately extorted $70 million by holding MSP systems hostage.
  4. Agrius Fantasy Wiper 2022 hack: An Iranian hacking group known as Agrius infiltrated the diamond industry by targeting an Israeli software developer who unknowingly sold poisoned products to his clients. The Fantasy Wiper, the malware Agrius used to infiltrate systems, was named similarly to a legitimate development infrastructure and, therefore, downloaded by users. 
  5. Stuxnet 2010 malware: Stuxnet is a famous historic software weapon. This malware was developed by US and Israeli security forces and was used to compromise industrial control systems at the Natanz nuclear facility in Iran. It was one of the first major examples of a cyber weapon in the hands of a state actor. It was successful due to supply chain infiltration into an otherwise heavily guarded cyber system.

These high-profile breaches demonstrate just how far-reaching the consequences of supply chain cyberattacks can be, affecting industries and individuals worldwide.

Preventing supply chain cyberattacks

Today, the average software enterprise has 203 dependencies. For a hacker, this means 203 possible ways in, besides infiltrating the company’s own system. To mitigate this risk, it’s crucial to communicate clearly and regularly with your vendors about their cybersecurity practices. Create a plan for how and when vendors are expected to share information about intrusions and share resources, as well as strategies for protecting where networks overlap. 

According to CrowdStrike’s Global Security Attitude study, 84% of companies say that supply chain cyberattacks are one of their top concerns. However, only 36% of companies that responded report having vetted their new and past suppliers in the last 12 months. The most important step in preventing supply chain cyberattacks is conducting thorough due diligence on all vendors, because your network’s security is only as strong as its weakest link.

About NetworkTigers

NetworkTigers is the leader in the secondary market for Grade A, seller-refurbished networking equipment. Founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms, NetworkTigers provides consulting and network equipment to global governmental agencies, Fortune 2000, and healthcare companies. www.networktigers.com.

All articles sponsored by NetworkTigers.

Gabrielle West
Gabrielle West is an experienced tech and travel writer currently based in New York City. Her work has appeared on Ladders, Ultrahuman, and more.
