What is a Supply Chain Malware Attack?

If you manage a service business, you probably don’t spend much time thinking about your supply chain.  But there’s one supply chain that every business needs to manage – data.

Operations, sales, finance and HR departments all use different software to generate sensitive data.  Once generated, that data must be stored, managed and backed up.  Each of these steps is enabled by a different company's software, and each is a link in the data supply chain.

Supply Chain Malware Attack

Unfortunately, attackers have learned that by compromising one widely used vendor along this supply chain, they inherit the trust of every customer running that vendor's software, and those customers include companies like yours.

How Does the Attack Work?

Two recent supply-chain attacks have made waves in the security community: the SolarWinds Orion compromise and the Click Studios Passwordstate compromise.  Both targeted products with tens of thousands of customers, including Fortune 500 companies and small businesses.

In each case, the attackers got inside the software vendor's environment and poisoned the product's update channel.  At SolarWinds, malicious code was inserted into the Orion build process, so the backdoor shipped inside an update signed with the vendor's own certificate.  At Click Studios, the Passwordstate in-place upgrade mechanism was redirected for roughly 28 hours to deliver a malicious DLL that harvested stored passwords.  Every customer who installed a poisoned update handed the attackers a foothold on their network.  The SolarWinds backdoor was built to wait about two weeks before contacting its operators, and although some 18,000 organizations installed it, the attackers followed up inside only a small fraction of them.

The opportunity for attackers in a supply-chain attack is immense, but it can also be short-lived.  Many companies run monitoring that flags unusual network activity.  It cannot catch every intrusion, but it only needs to catch a few before responders recognize an active campaign and trace it back to the poisoned update.  Once the vendor ships a clean release, security-conscious IT teams install it within days, and then go looking for the backdoor accounts, persistence mechanisms and stolen credentials the attackers left behind, because a clean update removes the malicious code but not whatever the attackers did while it was running.

Is It a Trend?

For federal agencies and major corporations, the SolarWinds compromise was the (much) more significant of the two.  It was a tremendously resource-intensive operation that the US government has formally attributed to Russia's foreign intelligence service, the SVR.

What made the Passwordstate compromise so alarming was how much less it took.  The attackers did not have to subvert the vendor's build pipeline; they only needed to redirect the product's upgrade check to a server they controlled, and only for about a day.  Other groups now know it does not take the resources of a foreign government to execute this type of attack, so any software company (and especially one with thousands of customers) is a target for a supply-chain malware attack.

The next few months and years will show whether software distribution becomes a standing security risk for end-users, or whether software companies manage to secure their build and update infrastructure well enough to prevent these attacks going forward.

How Do I Defend Against Them?

Because these attacks rode the product update cycle, the malware arrived through a trusted update channel and sat dormant before activating on thousands of networks at nearly the same time.  Antivirus and anti-malware products are unlikely to catch it: there is no earlier sample to match against, and the file looks like what the vendor normally ships.

The best chance of detecting these attacks is monitoring that flags unusual activity on your network, such as a server that starts talking to an external host it has never contacted, or an account logging in from a machine it has never used.  If you are one of the unlucky customers who does get compromised, the damage is limited by how quickly you can find and remove the "backdoor access" the poisoned software created on your network.
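As an added example (not code from the WingSwept post), here is the simplest form of the "unusual activity" check described above: a baseline of which external hosts each server normally contacts, and an alert for any server that starts talking to a destination outside that baseline. The baseline, the log format, and every hostname are constructed placeholders.

```python
"""Added example, not code from the WingSwept post: a minimal detector for
the 'unusual network activity' the post recommends watching for.  A poisoned
update usually shows up first as a server that starts talking to an external
host it has never contacted before.  The baseline and log lines below are
constructed; every hostname is a placeholder."""

from collections import defaultdict
from datetime import datetime

# Constructed baseline: external destinations each server contacted during a
# learning window (in practice, built from weeks of real proxy or DNS logs).
BASELINE = {
    "mon-srv01": {"updates.vendor.example", "ntp.example.org"},
    "fin-srv02": {"erp.vendor.example"},
}

# Constructed proxy log: "<utc timestamp> <source host> <destination> <bytes out>"
SAMPLE_LOG = """\
2021-04-21T02:10:11Z mon-srv01 updates.vendor.example 1320
2021-04-21T02:12:40Z mon-srv01 ntp.example.org 76
2021-04-21T02:31:05Z mon-srv01 cdn-updates.example.net 48210
2021-04-21T02:45:17Z fin-srv02 erp.vendor.example 2048
2021-04-21T03:02:59Z mon-srv01 cdn-updates.example.net 512000
"""


def parse_line(line):
    """Split one log line into (timestamp, source, destination, bytes_out)."""
    ts, src, dst, nbytes = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, dst, int(nbytes)


def find_new_destinations(log_text, baseline, min_bytes=0):
    """Return one alert per (source, destination) pair absent from the baseline.

    Repeated contacts to the same new destination are merged, so a small
    beacon followed by a large upload becomes a single finding whose
    bytes_out total makes the upload obvious.  min_bytes drops noise such as
    one-off lookups that never sent meaningful data.
    """
    seen = defaultdict(lambda: {"first_seen": None, "hits": 0, "bytes_out": 0})
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, src, dst, nbytes = parse_line(raw)
        if dst in baseline.get(src, set()):
            continue  # known-good pairing, nothing to report
        rec = seen[(src, dst)]
        rec["first_seen"] = rec["first_seen"] or ts
        rec["hits"] += 1
        rec["bytes_out"] += nbytes
    return [
        {"source": src, "destination": dst, **rec}
        for (src, dst), rec in seen.items()
        if rec["bytes_out"] >= min_bytes
    ]


if __name__ == "__main__":
    for alert in find_new_destinations(SAMPLE_LOG, BASELINE):
        print(alert)
```

Servers that run monitoring, backup or password-management software are the ones worth baselining first, because their legitimate destination list is short and stable, so a new one stands out. Real tools add per-host learning windows and allowlists for shared services, but the core check is the same as above.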

Another way to reduce exposure to these attacks is to delay non-urgent software updates.  This was a smart practice for most companies even before these new risks, because a one-month delay usually gives early adopters time to report bugs and the developer time to fix them and issue a corrected release.  Delaying updates now has the added benefit of allowing time for a poisoned update to be detected and pulled offline.  So unless a patch addresses a known security issue or fixes a major problem you are hitting, let someone else test it first.  Two caveats: once the hold expires, roll the update out to a small pilot group before the rest of the fleet, so it is still exercised on your own systems first, and never hold back security fixes, because the exposure from a known vulnerability is usually greater than the risk of the patch itself.
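The holding-period advice above is easy to encode as a rule rather than a habit. The following is an added example (not code from the WingSwept post) of an update-gating check: it refuses an installer whose SHA-256 does not match the value the vendor published out of band, waives the hold for security fixes, and otherwise holds a release until it has aged past a configurable period. HOLD_DAYS, the Release fields, the product name and the installer byte strings are all assumptions constructed for the example.

```python
"""Added example, not code from the WingSwept post: an update-gating check
that turns the post's advice into policy.  A candidate update is installed
only if (1) the installer's SHA-256 matches the value the vendor published
out of band and (2) it has either aged past a holding period or is flagged
as a security fix.  HOLD_DAYS, the Release fields and the installer bytes
are all assumptions constructed for the example."""

import hashlib
from dataclasses import dataclass
from datetime import date
from typing import Tuple

HOLD_DAYS = 30  # assumed holding period for releases that are not security fixes


@dataclass(frozen=True)
class Release:
    product: str
    version: str
    released: date
    security_fix: bool
    published_sha256: str  # from the vendor's release notes, not from the download itself


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def gate_update(release: Release, installer: bytes, today: date) -> Tuple[str, str]:
    """Return ("install" | "hold" | "reject", reason) for a downloaded installer."""
    if sha256_hex(installer) != release.published_sha256.lower():
        # The bytes are not what the vendor says it shipped.  Do not install,
        # and treat it as an incident rather than a flaky download.
        return "reject", "SHA-256 does not match the vendor-published value"
    age_days = (today - release.released).days
    if release.security_fix:
        return "install", f"security fix, {age_days}d old, holding period waived"
    if age_days < HOLD_DAYS:
        return "hold", f"{HOLD_DAYS - age_days}d left of the {HOLD_DAYS}d holding period"
    return "install", f"{age_days}d old, holding period elapsed"


# Constructed sample data: short byte strings stand in for real installers.
FEATURE_INSTALLER = b"MonitorSuite-5.3.1-setup"
SECURITY_INSTALLER = b"MonitorSuite-5.3.2-setup"
TAMPERED_INSTALLER = b"MonitorSuite-5.3.1-setup" + b"\x00extra-payload"

FEATURE_RELEASE = Release("MonitorSuite", "5.3.1", date(2021, 4, 20), False,
                          sha256_hex(FEATURE_INSTALLER))
SECURITY_RELEASE = Release("MonitorSuite", "5.3.2", date(2021, 4, 28), True,
                           sha256_hex(SECURITY_INSTALLER))

TODAY = date(2021, 5, 1)   # 11 days after 5.3.1 shipped
LATER = date(2021, 5, 25)  # 35 days after 5.3.1 shipped

if __name__ == "__main__":
    print(gate_update(FEATURE_RELEASE, FEATURE_INSTALLER, TODAY))    # hold
    print(gate_update(SECURITY_RELEASE, SECURITY_INSTALLER, TODAY))  # install
    print(gate_update(FEATURE_RELEASE, TAMPERED_INSTALLER, TODAY))   # reject
    print(gate_update(FEATURE_RELEASE, FEATURE_INSTALLER, LATER))    # install
```

One limit worth stating plainly: the hash check only defends against a download that was swapped in transit or on a mirror. When the vendor's own build pipeline is compromised, as at SolarWinds, the vendor publishes the hash of the poisoned file and the check passes. That is exactly why the holding period and the network monitoring still matter, and why an "install" result should feed a pilot group before the whole fleet.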

To learn how WingSwept can help your business best manage an expanding range of security risks, call us at 919-779-0954 or email us at Team_WingSwept@WingSwept.com.