The U.S. National Counterintelligence and Security Center’s Foreign Economic Espionage in Cyberspace report, released last week, highlights the increased threat that software supply chain attacks pose to our critical infrastructure sector.
The report breaks down the current threats as well as future trends in foreign intelligence efforts to compromise U.S. intellectual property, trade secrets, and proprietary information in cyberspace, naming China, Russia, and Iran as the most capable and willing actors tied to cyber espionage.
New technologies like Artificial Intelligence (AI) and the Internet of Things (IoT) have introduced new vulnerabilities into U.S. networks that we’re largely unprepared for, but it’s attacks on the software supply chain that represent one of the biggest emerging threats to U.S. security.
The report said 2017 was a watershed year for public reporting of supply chain attacks, as seven incidents were recorded compared to only four incidents recorded between 2014 and 2016. Such attacks include Floxif, which infected 2.2 million CCleaner customers using a backdoor. The hackers targeted 18 specific companies and infected 40 computers to conduct espionage in order to gain access to Samsung, Sony, Asus, Intel, VMware, O2, Singtel, Gauselmann, Dyn, Chunghwa and Fujitsu.
While the number of attacks is growing, the potential impacts are, too. Hackers continue to target and attack software supply chains to achieve some desired outcome, whether it be cyber espionage, intentional disruption, or financial impact, and they don’t appear to be slowing down any time soon.
Supply chain attacks are by nature especially devious because they violate every principle of computer security for consumers, potentially leaving individuals who follow basic cybersecurity principles just as vulnerable as individuals who click and install from unknown sources.
These attacks can be simple, like corrupting a vendor’s patch site by placing malware files named similarly to authorized code, in hopes that the malware file is downloaded. Or these attacks can be more complicated, like infiltrating the code base to insert malware before the code is compiled or electronically signed.
Hackers continue to use this attack method because it represents an effective way to bypass traditional defenses and compromise a large number of computers. This is partly because many software development and distribution channels lack proper cyber and process protections, and partly because other cyber-attack paths become less attractive as system owners improve the security posture of their networks, components, and computers.
Attribution of these kinds of attacks is largely unknown, but technical and geographic aspects in many attacks point to hackers in either Russia or China.
Supply chain security cannot be achieved without the essential Critical Security Controls in place, establishing a solid security foundation for any organization across all industries. These controls, coupled with Intelligent Change Control technology, can help track and analyze changes made to your system’s integrity by leveraging self-learning whitelisting technology and threat intelligence. Finally, using dynamic baselining will ensure your systems align to the most up-to-date, compliant state possible.
We at NNT specialize in this exact process, as something we like to call Security through System Integrity.