“Build it in, don’t bolt it on,” is a mantra that we all learn when we study cybersecurity. Unfortunately, we see it in practice far too rarely. Our adversaries also know this principle, and have begun to implement it by infecting the supply chain – hardware and software – as close to the source as possible.
CrowdStrike and Symantec both note the trend in recent threat reports.
In its July 2018 report, CrowdStrike notes that:
- Two-thirds of respondents reported having experienced a software supply-chain attack;
- 90% of the survey respondents believe they are at risk for a supply chain attack;
- Organizations are still slow to detect, remediate and respond to threats, and yet only one-third of respondents vet all of their suppliers.
Symantec’s 2018 Report agrees:
- “Symantec is now seeing an increase in attackers injecting malware implants into the supply chain to infiltrate unsuspecting organizations, with a 200 percent increase in these attacks—one every month of 2017 as compared to four attacks annually in years prior.
- “Hijacking software updates provides attackers with an entry point for compromising well-protected targets, or to target a specific region or sector.”
Some specific examples come to mind. In 2017, attackers compromised the development environment of a PC tool called CCleaner, infected the software, and unwitting users downloaded updates – validated by the company’s certificate – to their machines.