For many businesses, 2023 could be considered the ‘year of the supply chain attack.’ These increasingly sophisticated and complex threats exploit vulnerabilities in various components of supply chains, including software, hardware, and third-party services. The breadth of these attacks is vast, affecting businesses globally and leading to consequences which range from data breaches to operational disruptions.
State cyber actors play a major role in this trend, continuously targeting everything from government entities and critical infrastructure (CI) to commercial systems and their associated supply chains. Their objectives extend beyond state secrets to include gathering valuable and sensitive information from businesses. In response to these threats, organisations like the Australian Signals Directorate (ASD) have issued several alerts to raise awareness about vulnerabilities in products commonly found in ICT supply chains. For example, during 2022–23, ASD released alerts concerning vulnerabilities in devices such as Citrix Gateway and Application Delivery Controller.
Two significant supply chain attacks highlighted the evolving nature of these threats in 2023:
- 3CX: in March 2023, malicious code was discovered in 3CX’s desktop applications. This attack was particularly concerning as it stemmed from a compromised software package, highlighting the risks of indirect software dependencies.
- MOVEit: between May 31 and June 12, 2023, vulnerabilities in MOVEit, a managed file transfer product, were exploited to access sensitive information and deploy ransomware. These vulnerabilities were significant due to the software’s widespread use in enterprise environments.
What’s behind the surge in attacks?
The concept of a supply chain attack is not new. However, the scale and frequency of these attacks in 2023 have prompted a reevaluation and strengthening of security strategies. Modern supply chains are complex networks of information and technology systems, often involving multiple vendors and service providers. This complexity creates a web of interdependencies where each node could serve as a potential entry point for cyber attackers if not adequately secured.
Some of the most common vulnerabilities that supply chain attacks can exploit include:
- Security gaps in open-source software: the collaborative and innovative nature of open-source platforms often comes with significant security vulnerabilities, which are attractive targets for attackers.
- Weaknesses in third-party applications: reliance on external applications can introduce vulnerabilities, as these apps may lack the robust security measures of the primary organisation, creating potential cybersecurity weak points.
- Advancements in malware technology: the rise of sophisticated, artificial intelligence (AI)-enhanced malware presents increasing challenges in detecting and mitigating supply chain threats.
- Insider threats and human error: hard-to-detect risks from third-party collaborators and human errors pose substantial security threats due to their level of access and inherent trust.
- Inadequate encryption practices: insufficient encryption protocols can leave sensitive data within the supply chain vulnerable to interception and exploitation by malicious actors.
How to prepare for a supply chain attack
Supply chain attacks are inevitable, so it’s important for organisations to be prepared. However, focusing simply on prevention is not enough; instead, organisations need a plan in place to detect, respond to, and recover from a breach.
This means taking four critical steps:
1. Employ strict security measures
Multi-factor authentication (MFA) adds extra layers of security, making it more challenging for cybercriminals to breach accounts even if they manage to acquire a user’s credentials. It’s particularly effective in securing remote working environments and meeting regulatory compliance. Additionally, MFA can significantly reduce password risks, as it requires additional verification methods beyond passwords alone.
2. Regularly monitor and report
Organisations should be increasingly vigilant in monitoring their supply chain vendors. Regular updates to senior management about potential security threats are crucial for proactive cybersecurity management. Such continuous oversight helps in early detection and mitigation of threats.
3. Increase cybersecurity budget
The rising number of cyber threats and the increasing complexity of these attacks have made it imperative for companies to allocate more resources towards establishing and maintaining robust cybersecurity defences. For businesses facing budget and resource constraints, partnering with a managed service provider (MSP) can be a viable and cost-effective solution. MSPs offer specialised expertise and resources to bolster cybersecurity measures, empowering businesses to strengthen their defences without the need for extensive internal capabilities.
4. Adopt a zero trust approach
Implementing a zero trust model, where no entity within the supply chain is automatically trusted, is an effective strategy to minimise the risk of attacks. The core principle of zero trust is “never trust, always verify.” This approach shifts the security focus from simply defending the perimeter of the IT environment to protecting every interaction within the network.
How Techwell can help
At Techwell, we’re committed to keeping your business safe from cyber threats. We offer a comprehensive suite of services, including continuous monitoring and specialised security solutions, to provide robust protection. We also understand the crucial role that vendor and partner selection plays in your overall security. That’s why we offer expert guidance to ensure you partner with companies that have robust security measures for your data. In the event of a security breach, we’re here to help limit the damage and support your business in managing the impact, maintaining the resilience and continuity of your operations. To learn more about how you can build a secure organisation and be prepared for the new year, contact the Techwell team today.