Securing Weak Links in Supply Chain Attacks

We’ve all heard the term, “you’re only as strong as your weakest link.” Whether talking about a tug of war on the playground, a sports team, or a business, this rings as true as ever.

Every business relies on a series of suppliers and vendors—be it the dairy farm supplying milk to the multinational food manufacturer, or the payment systems that retailers use. These links form supply chains that every business, large and small, deals with. There is simply no way around it. An increasingly complex series of vendors and workflows brings increased risk.

What is a supply chain attack?

A supply chain attack is a cyber attack that occurs when a threat actor compromises your system through a third-party partner that has access to your systems and data. Typically, the vendor with the weakest cyber security is targeted.

A survey by Anchore found that 3 out of 5 companies were exposed to a supply chain attack in 2021 due to the global nature of business and the number of different technologies and vendors used.

An attack on your provider affects you too

The last two years have seen a few notable supply chain attacks. In late 2020, SolarWinds, an IT software provider to many U.S. federal government agencies and private sector companies, experienced a security breach. Its IT inventory management product was laced with malware, which led to a further compromise of at least 18,000 of its clients, who found signs of the malware in their systems.

Less than six months later, in May 2021, a major U.S. oil company, Colonial Pipeline, suffered a ransomware cyber attack; bad actors demanded millions in Bitcoin to restore the computerized systems that were compromised by the hackers. It was reported that an employee’s virtual private network (VPN) account that didn’t have multi-factor authentication had been breached, allowing the attackers access to the company’s network. The attackers made away with 100 GB of data and encrypted IT systems in exchange for ransom. Fearing an attack on the operations technology that controls its fuel distribution, the company shut down its entire pipeline system. The company transports about 2.5 million barrels of fuel daily, and this sudden shutdown not only drastically reduced supplies, but news of it resulted in panic buying that exacerbated fuel shortages. Many sectors rely on fuel and the impact of this attack was unprecedented.

And if that wasn’t enough, in October 2021, Schreiber Foods, the U.S.’ largest cream cheese manufacturer, was disrupted by a ransomware attack that impacted its ability to “receive raw materials, ship product, and produce product.” This is a perfect example of how timing shapes the impact of supply chain events: it occurred at the height of the cream cheese season. On top of existing pandemic-driven challenges in manpower and logistics, the attack resulted in price spikes in cream cheese due to low production supply (and the short shelf life of cream cheese), and also had a farther-reaching impact on the retail and food service sectors.

Domain security as your first line of defense

As the above cases illustrate, breaches due to malware and ransomware were common to these attacks. Research shows that phishing and related malware attacks most commonly originate from a compromised or hijacked legitimate domain name, a maliciously registered and confusingly similar domain name, or email spoofing. A cleverly social-engineered domain name could trick even the most discerning user into clicking on a link that installs malware or ransomware. By employing domain security controls to prevent abuse of the domain name and the domain name system (DNS), companies can reduce the risk of such breaches.
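To make the "confusingly similar domain name" case concrete, here is an added example (not from the original article) of a check a mail or proxy log review could run to flag sender domains that imitate your own or a vendor's. The trusted domains, the confusables table, the distance threshold and the sample senders are all constructed assumptions.

```python
import unicodedata

# Constructed allow-list: domains your organisation and its vendors really use.
TRUSTED = {"examplecorp.com", "example-supplier.com"}

# Illustrative subset of look-alike characters (assumption: not a full
# Unicode confusables table). Escapes are Cyrillic a, e, o, p, c.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "\u0430": "a",
               "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c"}
SEQUENCES = (("rn", "m"), ("vv", "w"))

def skeleton(domain):
    """Fold a domain into a form where look-alike spellings compare equal."""
    d = unicodedata.normalize("NFKC", domain.strip().rstrip(".").lower())
    d = "".join(CONFUSABLES.get(ch, ch) for ch in d)
    for seq, repl in SEQUENCES:
        d = d.replace(seq, repl)
    return d

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, trusted=TRUSTED, max_distance=2):
    """Return (verdict, trusted domain it resembles or None)."""
    d = domain.strip().rstrip(".").lower()
    if any(d == t or d.endswith("." + t) for t in trusted):
        return ("trusted", d)
    sk = skeleton(d)
    for t in sorted(trusted):
        if sk == skeleton(t):
            return ("lookalike-homoglyph", t)   # same shape, different characters
    for t in sorted(trusted):
        if skeleton(t) in sk:
            return ("embeds-trusted-name", t)   # trusted name inside another domain
    for t in sorted(trusted):
        if edit_distance(sk, skeleton(t)) <= max_distance:
            return ("lookalike-typo", t)        # dropped, added or swapped letters
    return ("unrelated", None)

# Constructed sender domains, e.g. pulled from a mail gateway log.
SAMPLES = ["mail.examplecorp.com", "examp1ecorp.com", "ex\u0430mplecorp.com",
           "example-suplier.com", "examplecorp.com.login-portal.net", "partner.org"]
if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:45} {classify(s)}")
```

Short trusted names produce false positives at an edit distance of 2, so tune `max_distance` per domain length before alerting on the result.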

Domain security is a critical component to help mitigate cyberattacks in the early stages—your first line of defense in your organization’s Zero Trust model.

Preventing a supply chain attack

All industries are susceptible to a supply chain attack, and there certainly are measures companies can take to mitigate the threat.

  • Know your vendors. First and foremost, audit your supply chain vendors. Choose your vendors carefully, and only use those that are enterprise-class with robust security practices and policies.
  • Control access. Keep track of access to key third-party applications, as well as limit network access to third-party tools wherever possible. Understand the subcontractors your third-party vendors have that could potentially introduce a fourth-party risk.
  • Follow government advisories. The scale and severity of the recent incidents have prompted many government agencies and security firms to release frameworks and best practices to defend against such attacks. Follow the guidelines and ensure your vendors follow them too.
  • Train your employees. According to the Cybersecurity and Infrastructure Security Agency (CISA), most cyberattacks—including ransomware and business email compromise (BEC)—begin with phishing. Train employees on security awareness to reduce this risk.
  • Enhance your domain security posture. Use a Domain Security Checklist based on a defense-in-depth approach to enhance your security posture.