Most IT departments did not consider software supply chain attacks a serious threat until the Sunburst SolarWinds incident in December 2020. This event highlighted how organizations can be forced into a position of weakness by a third-party vendor. If an attacker can insert a vulnerability into a vendor’s software that gives them a secret back door entrance into their data system – the possibilities for destructive attacks are limitless. It’s by these means that an attacker can affect software at three critical stages in the supply chain or software lifecycle.
These are the three most common scenarios in a software supply chain attack and what you need to know about them.
The vendor’s source code is altered so that all official software deployed by the vendor has an inherent vulnerability. It’s incredibly difficult for an attacker to infiltrate a data system in this way because they must have influence over the vendor or access to the source code, in which they typically don’t. In this scenario the vendor is really the only one capable of defending and protecting their source code repository.
During a software update process, a vulnerability is introduced that doesn’t exist in the vendors original source or object code. To protect against this type of attack the vendor needs to provide a way to securely deliver software updates as well as a method to verify that the software is authentic and unmodified. Although it is considered best practice to verify a vendor’s security protocols during the evaluation and selection process, the vendor is ultimately responsible for maintaining the security and integrity of the supply chain.
During the delivery phase, the authentic software is manipulated, altered, or substituted in a way that adds a vulnerability between the time the software is shipped from the vendor and received by the end user. Protecting against a delivery attack requires the customer to ensure that they are buying software from an authorized distributor, and that they have ways to validate the integrity and authenticity of the software delivered.
In each of these scenarios it’s critical to deploy a solution within your environment that’s capable of monitoring access to data and providing actionable insights into the activity. For example, if attackers breached your security protocols and gained access to your network, you would need to know which account accessed what file, from what device, and at what time. Regularly monitoring this information would enable you detect a breach and shut it down for prompt reporting on data exposure and compromise.
Looking back, the SolarWinds incident revealed that most organizations were unable to determine if they were the victim of a breach eight months prior. They only knew that they had installed infected software. At RackTop, we are providing a zero trust solution for your data to give you timeline visibility and active defense capabilities to revolutionize your cyber resiliency.