The growing threat of supply-chain attacks
Cyber attacks pose a growing threat to local governments, but one risk that is often overlooked is the supply-chain attack.
Criminal hackers are increasingly targeting software supply chains because these attacks allow them to compromise hundreds or even tens of thousands of victims through a single breach, while also affording them extensive internal access through the trusted systems.
The July 2021 breach of Kaseya is a prime example. Up to 1,500 businesses were affected after hackers found a flaw in the Kaseya remote management software that allowed them to spread ransomware through the company’s software update process and ultimately to the end users of this product. Similar attacks have occurred through other widely used software products, such as SolarWinds, Microsoft Exchange and Avast’s CCleaner.
Supply chain attacks are extremely difficult to detect, which means the attacker has more time to infiltrate the network, steal data and install malicious tools like ransomware.
Here is what local governments need to know about this growing threat:
What is a supply-chain attack?
A supply-chain attack occurs when a criminal hacker deliberately targets organizations through a third-party service they rely on.
These service providers can be small business vendors, like the insecure HVAC vendor whose compromised credentials allegedly led to Target’s 2013 data breach, or widely used software services such as network monitoring tools (e.g. SolarWinds), ecommerce platforms (e.g. Magento), file-sharing services (e.g. Accellion) and accounting software (e.g. M.E. Doc). Even security tools can be breached in order to target their users, as in the case of Avast’s CCleaner tool and the operation by the “Fxmsp” group, which targeted top antivirus companies.
This method of attack is increasingly popular among sophisticated hackers because it allows them to reach many victims through a single breach, rather than having to attack each organization individually. It also allows them to blindside the victim by bypassing its network security tools and essentially slipping in through the back door directly onto its network, often with elevated privileges.
How the attack unfolds
In a software supply chain attack, there are two ways the criminal can breach an organization.
The first occurs when the attacker compromises an organization that has access into its intended targets. This access may be through software managed by the organization or through credentials the organization uses to log in to the target’s network. The attacker then uses this access to move through the victim organizations and wreak havoc. This often happens with managed service providers (MSPs), which act as IT administrators for many organizations. There have been many recent examples where attackers used an MSP’s access to deploy ransomware to all of the MSP’s clients, allowing them to encrypt dozens to hundreds of organizations at the same time.
The second method is even more devious. In this case, the attacker infiltrates the software company’s own infrastructure and compromises customers through the legitimate software program. The software, or its updates, is modified to include backdoors that give the attacker access to organizations once the compromised software is installed. The attacker then only has to wait for the software to be deployed.
To read the complete article, visit American City & County.