Supply Chain Cyber Attacks
Supply chain cyber attacks have emerged as a critical threat to global business operations and national security. These attacks exploit weaknesses within the interconnected network of suppliers and service providers, allowing attackers to infiltrate organisations through channels those organisations already trust. Recent high-profile incidents highlight the urgent need for robust cyber security measures to protect against these sophisticated threats. In this article, we’ll cover the most notable supply chain cyber attacks of recent years and look at how you can reduce the risk of falling victim to one.
What Are Supply Chain Cyber Attacks?
Supply chain cyber attacks involve compromising a trusted third-party supplier or service provider to gain access to a target organisation’s network. Attackers leverage the interconnectedness of modern supply chains, where software, hardware, and services are often sourced from multiple vendors. By targeting these suppliers, cybercriminals can infiltrate numerous organisations simultaneously, magnifying the impact of their attacks.
Recent Notable Supply Chain Attacks
In recent years there have been several notable supply chain cyber attacks which have caused significant disruption and damage to businesses. The National Cyber Security Centre (NCSC) has drawn on these incidents to develop guidance on mitigating supply chain risk; as the cases below show, even the biggest organisations have been caught out. Let’s take a look at some of the attacks that have occurred:
British Airways (2018)
In 2018, British Airways (BA) experienced a significant supply chain cyber attack attributed to a cybercriminal collective known for web skimming, also referred to as Magecart attacks. A web skimming attack involves planting malicious JavaScript in a script that a web page loads, so that data customers type into web forms (typically payment pages) is copied and sent to a server controlled by the attacker. In BA’s case the skimmer sat in a script loaded by the payment pages of its website and mobile app, and it ran for roughly two weeks before being detected. The incident compromised the personal and financial information of hundreds of thousands of customers; payment card details (including CVV numbers), travel booking details and customer names and addresses were stolen. The Information Commissioner’s Office (ICO) initially announced its intention to fine BA £183 million for breaches of the GDPR; the penalty finally imposed in 2020 was £20 million, reduced in part because of the financial impact of COVID-19 on the airline.
SolarWinds (2020)
In one of the most notorious supply chain attacks, attackers compromised SolarWinds’ build environment and inserted malicious code into signed updates for its Orion network management platform. The malicious code, a backdoor later named SUNBURST, gave the attackers covert remote access to any network where it ran, bypassing the normal authentication controls. The trojanised update was downloaded by roughly 18,000 organisations, including US government agencies, from which the attackers selected a smaller number of high-value targets for follow-on intrusion and data theft. In April 2021, the UK and US governments, including the NCSC, publicly attributed the attack to Russia’s Foreign Intelligence Service (SVR).
Kaseya (2021)
In July 2021, affiliates of the Russia-linked REvil ransomware group exploited previously unknown vulnerabilities in on-premises servers running Kaseya’s VSA software, a remote monitoring and management tool used by Managed Service Providers (MSPs) to administer their customers’ IT estates. Having taken control of the VSA servers, the attackers used the product’s own update mechanism to push a fake “hot-fix” that was in fact REvil ransomware to every endpoint those servers managed, so a single compromised MSP cascaded “downstream” to all of its clients. Roughly 1,500 businesses worldwide had their data encrypted, and REvil demanded $70 million (about £55 million) for a universal decryptor covering every victim.
Colonial Pipeline (2021)
A ransomware attack on Colonial Pipeline, a critical fuel supplier in the United States, led to significant disruptions and was treated as a national security matter. The attackers gained access through a compromised password for a legacy VPN account that was not protected by multi-factor authentication, highlighting how a single weak credential can expose critical infrastructure and everyone who depends on it. During the attack, described as the largest publicly disclosed cyber attack against critical infrastructure in the USA, the DarkSide ransomware group stole around 100GB of data within about two hours before deploying ransomware across Colonial Pipeline’s IT systems. Colonial halted pipeline operations to stop the attack spreading to its operational technology, and paid DarkSide roughly $4.4 million (75 bitcoin) for a decryption tool.
Mimecast (2021)
In early 2021, Mimecast, a leading provider of email security for Microsoft 365 customers, disclosed a sophisticated supply chain attack. A certificate that Mimecast issues to customers to authenticate its Sync and Recover, Continuity Monitor and Internal Email Protect (IEP) products to Microsoft 365 Exchange Web Services had been compromised; whoever held the certificate could connect to those customers’ Microsoft 365 tenants as if they were Mimecast. Mimecast initially believed a low single-digit number of customers had been targeted, but its investigation later found the attackers had also accessed some customer server connection information and a limited amount of Mimecast source code. Mimecast attributed the intrusion to the same state actor behind the SolarWinds attack, as it was itself running a compromised SolarWinds Orion installation.
Okta (2023)
In late 2023, Okta, an identity and access management (IAM) company, experienced a significant supply chain attack that underscored the weaknesses inherent in modern cyber security ecosystems. The attack originated with an Okta employee who signed into their personal Google profile in the browser of an Okta-managed laptop, which synced the username and password of an Okta service account into that personal Google account. Okta assessed that the credential was most likely exposed through compromise of the personal Google account or the employee’s personal device. Using the service account, the attackers reached Okta’s customer support case management system, where customers had uploaded HTTP Archive (HAR) files from their browsers while troubleshooting; these files contained live session tokens. With those tokens the attackers could hijack customers’ Okta administrator sessions, and they attempted to do so against security companies including Cloudflare and 1Password. Fortunately, the targeted customers detected the activity quickly and the impact was contained: files belonging to 134 Okta customers were accessed, and only a handful of those had sessions actually hijacked.
The Implications of Supply Chain Attacks
Supply chain cyber attacks can have far-reaching consequences, including:
- Data Breaches: Unauthorised access to sensitive data can lead to significant financial and reputational damage, reducing future trust in the company.
- Operational Disruptions: Attacks on critical infrastructure can disrupt services, causing economic and societal impacts.
- Intellectual Property (IP) Theft: Stealing proprietary information can undermine competitive advantage and innovation.
- Regulatory Consequences: Organisations may face fines and legal action for failing to protect customer data and secure their supply chain, as British Airways did when the ICO fined it £20 million in 2020 for the 2018 attack.
Mitigating Supply Chain Cyber Risks
Despite the elevated risk of supply chain attacks in current times, there are several ways in which businesses can protect themselves from supply chain cyber threats, including:
- Vendor Risk Management: Conduct thorough assessments of third-party vendors to identify and mitigate risks.
- Regular Audits and Assessments: Continuously monitor and evaluate the security practices of supply chain partners.
- Multi-Layered Security: Implement a defence-in-depth approach with multiple security controls to protect against breaches, such as Multi-Factor Authentication (MFA).
- Employee Training: Educate employees on recognising and responding to cyber threats, particularly phishing and social engineering attacks.
- Incident Response Planning: Develop and test response plans to quickly address and recover from cyber incidents.
The Bottom Line…
The rise of supply chain cyber-attacks underscores the importance of robust cyber security practices across all levels of an organisation’s supply chain. By prioritising risk management, continuous monitoring, and employee education, businesses can better protect themselves against more sophisticated emerging attack vectors. Alternatively, outsourced IT support providers, such as ourselves, can manage and support your cyber security needs. In an era where the interconnectedness of supply chains is both a strength and a vulnerability, proactive security measures are essential to safeguarding operations and maintaining trust.
Ensure Your Business Is Protected Online With ReformIT
At ReformIT, we offer robust cyber security services to keep your business protected online. Our experts are here to support you, so please get in touch with us to discuss your business needs.