Wednesday, June 29, 2022
CybersecFill

Supply Chain Attack!!! How To Prevent It…..

by Henrietta Ijenebe
November 12, 2021

A supply chain attack is a cybersecurity threat in which attackers target vulnerable or less-secure elements in the supply chain. Often, the “weak link in the chain” exists with a hardware supplier, software vendor, partner, or another third party that has a relationship with the victim.

For example, instead of directly trying to infect a target’s network, hackers might inject malware into a software update of an app used by many organizations. Or firmware might be exposed to a virus in a manufacturer’s factory, or while a device is in the hands of a retailer, so that when the customer takes delivery of the device, it’s already infected.

Almost everyone expects new hardware and software coming directly from the vendor to be free from malware. There’s a level of trust with service providers, which are often given elevated physical access privileges and network access permissions.

Because of their established relationships, vendors are often allowed to bypass defensive measures — making supply chain attacks tricky to defend against.

Supply Chain Attack Analogy

Imagine a supply chain for the delicious french fries you enjoy at your favorite fast-food restaurant. There are many steps involved between the raw food on the farm and the finished product on the table.

  • Farmers grow the potatoes
  • A shipping company takes these potatoes to a factory
  • After being cut up into a uniform shape, the fries are packaged
  • A refrigerated truck delivers the fries to the restaurant
  • The restaurant deep-fries the tasty treat for you to enjoy

Let’s say you notice that something has gone very wrong with your french fries. They taste terrible! It’s possible that at any stage in this fictional supply chain, your food could have been exposed to a foul-tasting substance that ended up in your mouth. The contamination might have occurred with a different ingredient as well. For example, the oil used to deep fry your food might have gone bad.

The same might happen in IT. Your PC contains many different components that were produced by different manufacturers. You rely on multiple vendors that provide IT services. You may have dozens of applications or services preloaded on your smartphone or computer before it is delivered to you. If any of these is compromised at any stage of the supply chain, you could fall victim to a supply chain attack.

Supply Chain Attack Examples

The following are prominent examples of supply chain attacks:

  • NotPetya ransomware — Hackers implanted ransomware in a patch of the Ukrainian accounting software, MeDoc. When the update rolled out, it kicked off the NotPetya outbreak, which caused chaos around the world.
  • Phones ship with pre-installed malware — About 5 million smartphones in Asia were infected by RottenSys malware somewhere in the supply chain between 2016 and 2018.
  • CCleaner update malware — Researchers found that hackers had installed a backdoor in the popular CCleaner tool via a compromised software update. Luckily, the vulnerability was caught before hackers had a chance to do more damage.
  • Target hacked through their HVAC vendor — Target stores were compromised when network credentials were stolen from the heating/air conditioning vendor, which had been granted network access to several store locations.
  • Home Depot breach — The hacking of the home improvement company’s self-checkout system in 2014 was blamed on the theft of network credentials from a trusted supplier.
  • 24[7].ai chat service malware affects Delta, Sears, Best Buy — Websites of some of the biggest brand names in America had data compromised via a third-party chat service provider that had access to the companies’ websites, exposing the information of more than 100K customer credit cards.

Mitigating The Risk Of Supply Chain Attacks

In 2019, IT professionals cited the misuse or unauthorized sharing of confidential data by third parties as their second biggest concern. Here are six ways to reduce the risk of supply chain attacks.

1. Evaluate The Risk Of Third Parties

Organizations must insist that their suppliers comply with appropriate cybersecurity regulations. They might ask vendors to perform self-assessments or audits, or make the purchase of cyber insurance compulsory. By evaluating all third parties with access to sensitive data, the risk of experiencing a breach is significantly reduced.

2. Limit Users’ Ability to Install Shadow IT (Unapproved Software)

IT functions usually have a list of approved software, but individual workers within the business often install unapproved programs such as file-sharing software to help them do their jobs. This is known as Shadow IT.

By reducing the number of users who are authorized to install third-party software on machinery, organizations can decrease their attack surface. When flawed software or hardware is embedded into a device or product, it presents a major security risk.
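
One way to check an endpoint inventory against the approved-software list described above. This is an added example, not part of the original article; the product names, hosts, accounts and the `audit` helper are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed approved-software list: normalized product name -> approved publishers.
APPROVED = {
    "7-zip": {"Igor Pavlov"},
    "firefox": {"Mozilla Corporation"},
    "example-accounting": {"Example Vendor Ltd"},  # hypothetical product
}

# Assumption: only managed deployment accounts are authorized to install software.
DEPLOY_ACCOUNTS = {"it-deploy"}


@dataclass(frozen=True)
class Install:
    host: str
    name: str
    publisher: str
    installed_by: str  # account that performed the install


# Constructed inventory rows, as an endpoint-management export might provide them.
INVENTORY = [
    Install("ws-014", "Firefox", "Mozilla Corporation", "it-deploy"),
    Install("ws-014", "QuickShare Sync", "Unknown", "j.doe"),
    Install("ws-022", "7-Zip", "Igor Pavlov", "it-deploy"),
    Install("ws-022", "Example-Accounting", "Examp1e Vendor Ltd", "it-deploy"),
    Install("ws-031", "firefox ", "Mozilla Corporation", "a.smith"),
]


def audit(inventory, approved=APPROVED, deployers=DEPLOY_ACCOUNTS):
    """Return (host, name, reason) findings that need human review."""
    findings = []
    for item in inventory:
        key = item.name.strip().lower()  # tolerate case and stray whitespace
        if key not in approved:
            findings.append((item.host, item.name, "not on approved list"))
        elif item.publisher not in approved[key]:
            # Approved name, unexpected publisher: possible lookalike or tampered build.
            findings.append((item.host, item.name, "publisher mismatch"))
        elif item.installed_by not in deployers:
            findings.append((item.host, item.name, "installed outside managed deployment"))
    return findings


if __name__ == "__main__":
    for host, name, reason in audit(INVENTORY):
        print(f"{host}: {name!r}: {reason}")
```

Publisher strings are metadata supplied by the installer, so a match here is a triage signal for review and not proof that a build is genuine.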

3. Include Appropriate Termination Clauses In Vendor Contracts

Organizations ought to consider what will happen to sensitive data held by a supplier following contract termination. There should be a clause within all vendor contracts to address this issue.

4. Review Access To Sensitive Data

It’s important to know exactly who has access to an organization’s sensitive data so that the organization can limit access to select users for specific purposes. Third parties should be required to openly share this information.

5. Secure IoT Devices

IoT devices are known for being extremely vulnerable to cyberattacks, which means extra precautions must be taken to secure them. For example, diagnostics for a smart manufacturing tool can be automatically sent to the manufacturer to carry out predictive maintenance. It might be a much-valued service, but it leaves organizations vulnerable to attack.

6. Continually Monitor And Review Cybersecurity

The nature of cyberattacks is forever evolving to exploit organizations’ vulnerabilities. To reduce the chances of a supply chain attack, the cybersecurity policies of organizations and their vendors must be continuously assessed and refreshed.

 

Tags: Cybersecurity Regulations, IoT, Shadow IT, Supply Chain