Are you protected from a supply chain attack?
With the attack on the City of Atlanta, hackers targeting critical infrastructure shouldn’t come as a shock. Long gone are the days of hackers only targeting credit card information; they are looking to disrupt the things we take for granted—and right now hackers are feeding off third-party access to critical infrastructure. This is because hacking into a system offers a lot of options, like access to sensitive information or even shutting down whole systems. Supply chain attacks are becoming more popular, which leads us to this question: how do we protect our infrastructure from a supply chain attack?
Understanding supply chain attacks
When infrastructure is attacked, it is known as a supply chain attack. It is known as such since a supply chain is defined as the network between an organization and its vendors that work together to supply a product or service. According to CSO Online, an attack on a supply chain happens when a bad actor infiltrates a system through an outside vendor or provider that has access to systems and networks. In other words, a bad actor gains access to a third-party vendor’s access point and then has the ability to get in and wreak havoc on critical infrastructure. Things like 911 call centers, servers, payment systems, and more have been shut down resulting from a supply chain attack. One noteworthy example of a supply chain attack has been Russia’s involvement in critical infrastructure in the United States. Russia has attacked, or attempted to attack, critical infrastructure like U.S. power grids, nuclear power plants, and the 2016 election. According to Forbes, Russia has attacked and infiltrated nearly everything that we, as a country, rely on to function.
Infrastructure is being targeted
Critical infrastructure is being targeted by bad actors, and because no one can afford for systems to be down, attacks are stressful and can even be deadly. A popular form of supply chain attacks is on 911 call centers. Imagine having an emergency and needing to call 911 for help; you would expect someone to answer and for help to be on its way shortly after. Now imagine that the 911 call center closest to you has been hacked, your phone call is put on hold, and you can’t get help for your emergency. This is a reality when 911 call centers are attacked. For many, this is just a horrific and hypothetical situation, but this nightmare wasn’t a hypothetical for one family in Texas. In 2017, an emergency that was put on hold resulted in the death of a six-month-old. Hackers are infiltrating critical infrastructure, like 911 call centers, which disrupts and shuts down the things that we need and rely on the most.
No end in sight for supply chain attacks
According to SecuLore Solutions, 184 cyberattacks on public safety agencies and local governments have occurred over the past 2 years. Of those, 42 (22.8 percent) of attacks directly or indirectly affected 911 call centers. It’s obvious that supply chain attacks will continue to be relevant, especially with the recent attack on Baltimore's 911 call center. The attack on Baltimore began as ransomware that shut down the center. While systems were down, Baltimore was forced to revert to manual mode for each call. According to NBC News, Baltimore City Information Technology determined that this attack occurred because the hacker found a way into the system via an opening in the system. Their access point stemmed from a technician who was troubleshooting the computer-aided dispatch (CAD) system. After making the change to the system, the technician mistakenly left open a port. That opening worked as an access point for a bad actor to get in, which led to Baltimore's 911 call center to rely on manual mode for 17 hours.
How supply chain attacks happen
Supply chain attacks come in many forms. But according to Motherboard, some of the most common ways that supply chain attacks happen are as follows:
- Hackers gain access to a software company's infrastructure, like servers, and place malware into new software releases or security updates. From this, users download the malware from a company’s official software distribution channel.
- Hackers can also break into the development infrastructure of software vendors and add malicious code to an application prior to public release. These breaches usually involve compromising an employee's computer through spear-phishing. This method allows them to exploit vulnerabilities and collect credentials.
- Referred to as a simple supply chain attack, hackers can manage to compromise an Internet accessible web server that a vendor uses to distribute software updates or new releases.
- Hackers can go through a third-party’s access to infrastructure. Modern applications contain numerous third-party frameworks. The malicious code can even spread to thousands of other programs.
Remember, these are just a few examples for bad actors to get in. Unfortunately, hackers are able to adapt and get in many different ways. Hackers will always use a path of least resistance, so don’t allow your network to have one and protect your network with the right secure remote access platform and software.
How to protect yourself
Since supply chain attacks are nearly impossible to detect, the best offense is a good defense. One of the best ways to do that is to check the vendors you are currently working with or are planning to work with. What does their security track record look like? Inquire about both audits and internal security practices and take control of your network. According to Bogdan Botezatu, a senior analyst at an antivirus vendor organization, vendors need to have strong internal auditing and code review practices in place in order to ensure that the products they release perform as originally intended. In other words, use a platform that ensures compliance between organizations and vendors. It could be what saves you from a supply chain attack.