Cyber attacks pose a growing threat to local governments, but one risk that is often overlooked is the supply chain attack.

Criminal hackers are increasingly targeting software supply chains because these attacks allow them to compromise hundreds or even tens of thousands of victims through a single breach, while also affording them extensive internal access through the trusted systems.

The July 2021 breach of Kaseya is a prime example. Up to 1,500 businesses were affected after hackers found a flaw in the Kaseya remote management software that allowed them to spread ransomware through the company’s software update process and ultimately to the end users of this product. Similar attacks have occurred through other widely used software products, such as SolarWinds, Microsoft Exchange and Avast’s CCleaner. Supply chain attacks are extremely difficult to detect, which means the attacker has more time to infiltrate the network, steal data and install malicious tools like ransomware.

Here is what local governments need to know about this growing threat:

A supply chain attack occurs when a criminal hacker deliberately targets organizations through a third-party service they rely on. These service providers can be small business vendors, like the insecure HVAC vendor which allegedly led to Target’s 2013 data breach, or through widely used software services like network monitoring tools (ex: SolarWinds), ecommerce platforms (ex: Magento), file-sharing (ex: Accellion) and other services such as accounting software (ex. Even security tools can be breached in order to target their users, as in the case of Avast’s CCleaner tool and the operation by “Fxmsp” group, which targeted top antivirus companies.

This method of attack is increasingly popular among sophisticated hackers because it allows them to target many victims through a single breach, rather than having to attack each of these organizations individually. It also allows them to blindside the victim by bypassing their network security tools and essentially slipping in through the backdoor directly onto their network, and often with elevated privileges.

In a software supply chain attack, there are two ways the criminal can breach an organization. The first occurs when the attacker compromises an organization that has access into their intended targets. This access may be through software managed by the organization or through credentials the organization has to log in to the target’s network. The attacker then uses this access to move through the victim organizations and wreak havoc. This often happens with managed service providers (MSPs) who are IT administrators for many organizations. There have been many recent examples where attackers use an MSP’s access to deploy ransomware to all the MSP’s clients. This allows the ransomware attackers to encrypt dozens to hundreds of organizations at the same time.

In this case, the attacker will infiltrate the software company’s own infrastructure and compromise customers through the legitimate software program. The software, or its updates, are modified to include backdoors that allow the attacker to access organizations when the compromised software is installed. The attacker then only has to wait for the software to be deployed.

Why these attacks are worse than traditional breaches

While any breach can be damaging, a supply chain hack can be exponentially worse because the attacker often has a higher level of access to the network and is harder to detect. This combination of factors greatly increases the risk for a government agency. The longer an attacker has inside a victim’s network, the more damage they can cause, either through data theft, ransomware, other types of malware or network disruptions. According to a recent report by IBM Security, software supply chain attackers have on average 286 days inside the victim’s network before being detected. Additionally, because the attacker is exploiting a trusted IT service, they are essentially walking in through the front door; this means they will be able to gain access to a larger slice of the network and will often have admin-level privileges when they do.

Most government agencies today rely on a myriad of software and IT services to manage their daily operations.