Reproducible attacks and a low barrier to entry will ensure that the rate of attacks on the supply chain increases over the next year, cybersecurity researchers warned.
The supply chain is a consistent attack vector for threat actors today. By compromising a centralized service, platform or piece of software, attackers can either fully infiltrate the customers and clients of the original, individual victim, or pick off the most valuable potential targets.
This saves cybercriminals time and money: one successful attack can open the door to potentially thousands of victims at the same time.
A ransomware attack against Kaseya in 2021 emphasized the disruption that an attack on the supply chain can cause. Ransomware was delivered by exploiting a vulnerability in Kaseya's VSA software, which resulted in the compromise of several managed service providers (MSPs) in Kaseya's customer base.
In that case, however, relatively few companies were affected. One of the strongest examples in recent years is the SolarWinds breach, in which a malicious update was distributed to around 18,000 clients.
The attackers behind the intrusion then chose a handful of high-profile customers for further compromise, including numerous US government agencies, Microsoft and FireEye.
In an analysis of 24 recent software supply chain attacks, including those against Codecov, Kaseya, SolarWinds and Mimecast, the European Union Agency for Cybersecurity (ENISA) said that the planning and execution of supply chain attacks are usually complex, but the attack methods chosen often are not.
Supply chain attacks can be carried out by exploiting software vulnerabilities, or through malware, phishing, stolen certificates, compromised employee credentials and accounts, vulnerable open source components and firmware tampering, among other methods.
But what can we expect from supply chain security in 2022?
Low barriers to entry
Speaking to ZDNet, Ilkka Turunen, Field CTO of Sonatype, said that malicious software supply chain activity is likely to increase in 2022 because the barrier to entry for attack methods such as dependency confusion, a "highly replicable" attack vector, is low.
"It's a no-brainer when the actor's goal is to influence as many organizations as possible," commented Turunen. "Add a cryptominer to a dependency confusion attack, and not only does a company have to worry about the impact on its software ecosystem, but the actor has now monetized it as well."
Brian Fox, CTO of the enterprise software company, added that the majority of threat actors today are copycats, and that the "fashion attack", or "attack of the day" carried out by fast-moving threat actors, will increase the number of supply chain intrusions in the next year.
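Why dependency confusion is "highly replicable" is easiest to see in a resolver. The following is an added example, written for this page and not code from ZDNet or Sonatype: a toy package resolver fed two constructed index snapshots (an internal index hosting private packages and a public index where an attacker has registered a look-alike with a much higher version). `resolve_naive` mimics an installer that merges all configured indexes and takes the highest version; `resolve_pinned` and `find_shadowed` are the two checks a practitioner would add. Package names, versions and index contents are all invented for the demo.

```python
"""Dependency confusion, simulated offline (added example, constructed data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Candidate:
    name: str
    version: tuple          # (major, minor, patch) so tuples compare numerically
    index: str              # "internal" or "public"


# Constructed registry snapshots. The internal index hosts the company's
# private packages; the public index has a squatted copy of one of them.
INTERNAL_INDEX = {
    "acme-utils": [(1, 2, 0), (1, 3, 0)],
    "acme-billing": [(0, 9, 1)],
}
PUBLIC_INDEX = {
    "requests": [(2, 28, 0), (2, 31, 0)],
    "acme-utils": [(99, 0, 0)],   # attacker-registered name squat
}
INDEXES = {"internal": INTERNAL_INDEX, "public": PUBLIC_INDEX}


def candidates(name):
    """All (index, version) pairs offering `name`, across every configured index."""
    return [Candidate(name, v, idx)
            for idx, reg in INDEXES.items()
            for v in reg.get(name, [])]


def resolve_naive(name):
    """Installer behaviour that causes dependency confusion: every index is
    treated as an equal source of the same package and the highest version
    wins, so the squatted 99.0.0 beats the real 1.3.0."""
    cands = candidates(name)
    if not cands:
        raise LookupError(name)
    return max(cands, key=lambda c: c.version)


def resolve_pinned(name, private_names):
    """Hardened resolution: names known to be private are only ever taken
    from the internal index; everything else only from the public one."""
    wanted = "internal" if name in private_names else "public"
    cands = [c for c in candidates(name) if c.index == wanted]
    if not cands:
        raise LookupError(f"{name} not found on {wanted} index")
    return max(cands, key=lambda c: c.version)


def find_shadowed(private_names):
    """Audit check: which of our private package names already exist on the
    public index? Any hit is either a squat or a name we should reserve."""
    return sorted(n for n in private_names if n in PUBLIC_INDEX)


if __name__ == "__main__":
    private = {"acme-utils", "acme-billing"}
    print("naive  :", resolve_naive("acme-utils"))
    print("pinned :", resolve_pinned("acme-utils", private))
    print("shadowed private names:", find_shadowed(private))
```

The naive path is not a caricature: pip, for instance, treats `--extra-index-url` as an additional source of the same packages rather than a fallback, which is exactly the merge-and-take-highest behaviour simulated here. The practical fixes mirror the two hardened functions: route private names to a single internal index (a proxy repository or a scoped namespace), pin versions with hashes so a surprise 99.0.0 fails to install, and periodically run the shadowing check against the public registry for every private name you depend on.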
Increasing attacks while redefining the perimeter
In a world of the Internet of Things (IoT), home office requirements, hybrid cloud/on-premises setups and complicated digital supply chains, old security models are no longer suitable.
According to George Gerchow, CSO of Sumo Logic, companies "still" struggle with the concept of having no defined perimeter to defend. While they are driving digital transformation projects, they do not take into account the expanded attack surface that new apps and services can create.
"CISOs and IT security teams don't have a seat at the table yet, and security is being addressed only as the last step in the process. With the ransomware and extortion hype, boards of directors are becoming more and more security conscious, forcing them to be concerned with security issues."
Even companies that are increasingly dependent on components, platforms and services at different levels of a supply chain must be aware of this reality, and consequently security must be checked and strengthened outside a company's own networks as well.
Ransomware incidents will increase
Ransomware is one of the most lucrative corners of the cybercriminal world today, thanks to high illicit payments and the extortion tactics used, including permanent encryption and the threat of disclosing sensitive information.
With a record extortion payment of $40 million in 2021, ransomware is likely to appear more frequently in supply chain attacks.
However, these attacks require planning, knowledge and some skill, and so Splunk security strategist Ryan Kovar believes that cybercriminals on their way to becoming "pros" are likely to be the ones who combine ransomware and supply chain attack vectors.
"Supply chain attacks allow attackers to hold a company's data for ransom, and research has shown that two-thirds of ransomware attacks are carried out by low-level attackers who bought ransomware tools off the dark web," says Kovar. "With the ongoing supply chain crisis making delivery lines more vulnerable than ever, organizations must prepare for the inevitability of ransomware attacks on their supply chains."
Technical debt has to be paid
As companies begin analyzing their digital supply chain for vulnerabilities, they must also grapple with their "technical debt," described by Stuart Taylor, Senior Director at Forcepoint X-Labs, as the difference between the "price" a technical project should cost in order to be future-proof and secure, and the "price" a company is willing to pay in reality.
Forcepoint expects a "significant" increase in copycat attacks on the supply chain over the next year. As a result, organizations are encouraged to conduct code reviews frequently and to consider security at every step of the development and deployment process. Taylor commented:
"Software that is still in use must not be left idle, with updates and patches ignored. There could not be an easier way for attackers to gain a foothold. Supply chain malware cannot afford to be ignored."
The lack of transparency regarding the components, software and security posture of the actors within a supply chain continues to be a problem for today's providers.
Given recent debilitating attacks such as SolarWinds, Gary Robinson, CSO at Uleska, believes more companies will turn to security-focused software bills of materials (SBOMs) in the next 12 months, possibly as part of due diligence in future supply chain business agreements.
SBOMs are software and component inventories developed to enforce transparency about software usage within a company. They can include supplier lists, licenses and security audit assurances.
“Organizations will also move to Continuous Security Assurance, where suppliers are required to provide up-to-date security reports,” predicts Robinson. “A security report from six months ago will no longer satisfy the security concerns of an update delivered yesterday. This vulnerability relates directly to the company’s own security guarantee, and suppliers have to catch up.”
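Robinson's point that a six-month-old report says nothing about yesterday's update is, in practice, a diff between two supplier SBOMs. The following is an added example, not code from ZDNet or Uleska: two constructed CycloneDX 1.4 SBOM fragments for successive releases of an imaginary supplier product, and a small delta function that reports components added, removed and version-changed between them, plus any component that arrives without a package URL (purl) and therefore cannot be matched against vulnerability data. The product, component names and versions are invented; only the CycloneDX field names are real.

```python
"""SBOM delta between two supplier deliveries (added example, constructed SBOMs)."""
import json

# Constructed CycloneDX 1.4 documents, not real supplier SBOMs.
SBOM_RELEASE_1 = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
    "components": [
        {"type": "library", "name": "libfoo", "version": "1.4.2",
         "purl": "pkg:generic/libfoo@1.4.2"},
        {"type": "library", "name": "jsonparse", "version": "2.0.0",
         "purl": "pkg:npm/jsonparse@2.0.0"},
        {"type": "library", "name": "oldcrypto", "version": "0.8.1",
         "purl": "pkg:generic/oldcrypto@0.8.1"},
    ],
})
SBOM_RELEASE_2 = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4", "version": 2,
    "components": [
        {"type": "library", "name": "libfoo", "version": "1.5.0",
         "purl": "pkg:generic/libfoo@1.5.0"},
        {"type": "library", "name": "jsonparse", "version": "2.0.0",
         "purl": "pkg:npm/jsonparse@2.0.0"},
        # new dependency delivered without a purl: cannot be matched to advisories
        {"type": "library", "name": "telemetry-agent", "version": "3.1.0"},
    ],
})


def components(sbom_json):
    """Parse a CycloneDX JSON SBOM into {name: component}. Production code should
    key on `bom-ref` or purl, since two components may share a bare name."""
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("unsupported SBOM format: %r" % doc.get("bomFormat"))
    result = {}
    for comp in doc.get("components", []):
        if "name" not in comp:
            raise ValueError("component without a name")
        result[comp["name"]] = comp
    return result


def sbom_delta(old_json, new_json):
    """Report what changed between two deliveries of the same product."""
    old, new = components(old_json), components(new_json)
    common = set(old) & set(new)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(
            (n, old[n].get("version"), new[n].get("version"))
            for n in common if old[n].get("version") != new[n].get("version")
        ),
        # Components that cannot be tied to an ecosystem identifier are a
        # review finding in themselves: no purl, no automated advisory lookup.
        "missing_purl": sorted(n for n, c in new.items() if not c.get("purl")),
    }


if __name__ == "__main__":
    print(json.dumps(sbom_delta(SBOM_RELEASE_1, SBOM_RELEASE_2), indent=2))
```

Run against each new release, the delta is the list of things a security report from the previous release cannot vouch for: every entry under `added` and `changed` needs fresh advisory matching, and anything under `missing_purl` should be pushed back to the supplier, since an unidentifiable component defeats the purpose of the inventory.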