Why supply-chain attacks are destined to escalate

BLACK HAT USA 2021 – Las Vegas – The epic software supply chain attacks over the past year, including the high-profile breaches of SolarWinds, Microsoft Exchange Server, Kaseya, and Codecov, were only the beginning.

“Supply chain attacks are only just starting, and mostly with pretty small vendors that most people had not heard of beforehand,” said Corellium COO Matt Tait, in a live conversation via video with Black Hat founder Jeff Moss. But what happens when these attacks get bigger and affect larger vendors and more of their customers?

Tait – who also delivered the prerecorded keynote, which was streamed on multiple large screens in a ballroom at the Mandalay Bay Conference Center in Las Vegas yesterday – said in the live portion of the event that the relative impact of these high-profile attacks could have been much worse given they were mostly targeted. He warned there will be more and they could well wreak more extensive and widespread damage to more organizations if the attackers hit larger targets with massive customer bases, such as the recent theft of source code from gaming giant EA Games.

“It’s likely to start to escalate in the coming months and years,” he said. “And when something really big happens … everything else will look like complete peanuts” in comparison, he said. When a nation-state or cybercrime organization makes that leap and infiltrates more victims, it will no longer be a “sustainable” situation.

In his keynote, Tait, former information security specialist for the UK’s GCHQ and more recently a member of Google’s Project Zero team, outlined what he considers the three main factors that drove high-profile cyberattacks on Colonial Pipeline, Kaseya, Exchange Server, SolarWinds, and Codecov, as well as North Korea’s targeting of security researchers and the NSO Pegasus Project iOS hacks.

While these attacks each were obviously different, they have a few common themes, he said. “The intrusions caused really big physical, real-world challenges,” such as the temporary interruption in gasoline distribution after Colonial Pipeline’s ransomware attack. And many were driven by a supply chain compromise.

“Several were about stolen zero-days,” as well, he said, pointing to the leaked Exchange flaw and North Korean nation-state hackers targeting security researchers to pilfer their findings. “Some of these working exploits got into the hands of offensive hackers who used these in massive attacks.”

Another factor, he said: a major increase in the number of zero-day exploits over the past year or so, especially on mobile devices. “The number of zero days being exploited in the wild is completely off the charts,” Tait said.

To read the complete article, visit Dark Reading.