By: Daniel Zeldis, Director of Cyber Services
In recent months, the world has woken up to the alarming reality of supply chain vulnerabilities, which can cripple entire organizations in a single strike. What can we learn from these incidents, and how can you protect your business from becoming the next target?
Recent incidents, such as the CrowdStrike outage that disrupted vast portions of the Internet, have highlighted the dangers of our dependency on supply chains. While this specific event wasn’t a cyberattack, its impact was similar. In a supply chain attack, the attacker doesn’t directly target the main organization but instead goes after one of its suppliers. These suppliers, often smaller and less equipped with robust defenses, serve as a gateway to the true target. By exploiting vulnerabilities in these partners, attackers can infiltrate the larger organization.
There have been numerous attacks of this type, and they are becoming increasingly common. One of the most notable examples is the 2013 Target attack, where the retail giant was breached through its HVAC vendor—a small company with minimal protection but with trusted access to Target’s systems.
The Expanding Reach of Supply Chain Attacks
In 2020, the world faced an even more sophisticated and patient attack: SolarWinds. Unlike the one-to-one nature of the Target breach, the SolarWinds attack was one-to-many, impacting around 30,000 clients, many of which were in the security and government sectors. The attackers gained access through a software update that the company unwittingly delivered to its clients.
More Than Just Cyber Attacks
Even though the CrowdStrike incident was not technically a cyberattack, its impact was even greater. Hundreds of thousands of systems were disabled, halting services for companies and government entities alike. In this case, it was a faulty driver, but its effects resembled a massive denial-of-service attack.
Mitigation: What Can Be Done?
So, how can we defend ourselves against these types of attacks? We cannot possibly vet every supplier down to the smallest detail, especially when they have their own suppliers, and so on. However, there are steps we can take to protect what is within our control. Key measures include privileged access management, multi-factor authentication (MFA), temporary limited access, continuous verification, and zero-trust technologies. These may be buzzwords, but they are effective strategies for mitigating risk.
Honeypots: A Simple Yet Powerful Defense
One especially valuable tool, particularly for organizations lacking extensive cybersecurity resources, is the use of honeypots and honeytokens. These tools act as tripwires, set up within an organization’s systems but never accessed by legitimate users. Any interaction with these assets signals a potential attack and can help organizations respond swiftly, minimizing damage before it spirals out of control.
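The tripwire idea above can be shown as a small log check. This is an added example, not code from the original article: the decoy names, the key=value log format and the sample events are all constructed for illustration.

```python
import re
from collections import defaultdict

# Decoy assets (all names constructed for this example). No legitimate
# user or job ever references them, so any hit is worth investigating.
HONEYTOKENS = {
    "user": {"svc-backup-legacy"},
    "key_id": {"AKIDEXAMPLEDECOY0001"},
    "path": {"/finance/passwords-2019.xlsx"},
}

# Constructed sample events in a simple key=value format (assumed).
SAMPLE_LOG = """\
2024-08-01T09:12:03Z src=10.0.4.17 actor=alice action=login user=alice result=ok
2024-08-01T09:40:51Z src=10.0.9.88 actor=hvac-vendor action=read path=/finance/Passwords-2019.xlsx result=ok
2024-08-01T09:41:07Z src=10.0.9.88 actor=hvac-vendor action=login user=svc-backup-legacy result=fail
2024-08-01T10:02:30Z src=10.0.4.22 actor=bob action=api_call key_id=AKIDREALKEY000000042 result=ok
2024-08-01T10:15:44Z src=203.0.113.5 actor=unknown action=api_call key_id=AKIDEXAMPLEDECOY0001 result=denied
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Split one event into its timestamp and key=value fields."""
    ts, _, rest = line.partition(" ")
    return ts, dict(FIELD_RE.findall(rest))

def find_tripwire_hits(log_text):
    """Return {source: [(timestamp, actor, field, value), ...]} for every
    event that touches a honeytoken, whether or not the action succeeded."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, fields = parse_line(line)
        for field, decoys in HONEYTOKENS.items():
            value = fields.get(field)
            # Compare case-insensitively: paths and usernames are often
            # case-insensitive on the systems that hold them.
            if value and value.lower() in {d.lower() for d in decoys}:
                hits[fields.get("src", "?")].append(
                    (ts, fields.get("actor", "?"), field, value))
    return dict(hits)

if __name__ == "__main__":
    for src, events in find_tripwire_hits(SAMPLE_LOG).items():
        print(f"ALERT source={src} honeytoken_hits={len(events)}")
        for ts, actor, field, value in events:
            print(f"  {ts} actor={actor} touched {field}={value}")
```

Failed and denied attempts are reported as well as successful ones, because the decoys have no legitimate use. Grouping hits by source shows when one session, such as a trusted vendor account, touches several decoys in a row.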
The Bottom Line: Adapt or Fall Behind
Supply chain attacks are a fact of life. While we may not have full control over our vendors' security practices, we can and should strengthen our own defenses. Implementing these technologies sooner rather than later could be the difference between a minor incident and a catastrophic breach.
Further reading:
1- https://edition.cnn.com/2024/07/24/tech/crowdstrike-outage-cost-cause/index.html
2- https://www.cloudflare.com/learning/security/what-is-a-supply-chain-attack/
3- https://krebsonsecurity.com/2023/12/ten-years-later-new-clues-in-the-target-breach/
4- https://www.cisecurity.org/solarwinds