Aitor Azpiroz, Cyber Respond Lead at Holcim EMEA Digital Center, shares with us what supply chain attack is and some examples that show the challenges organizations face and how cyber defences need to be developed and maintained.
WHAT IS A SUPPLY CHAIN ATTACK AND HOW TO PREVENT IT?
Supply chain attack: what it is and how it can affect business
In March this year, 3CX, an international VoIP IPBX software developer, announced that its desktop application client had been compromised in a supply chain attack aimed at deploying malware that could have affected any of the 600,000 companies worldwide and over 12 million users that use the application daily.
The European Union Agency for Cybersecurity (ENISA) defines the Supply Chain in cybersecurity as the ecosystem of processes, people, organizations, and distributors involved in the creation and delivery of a final solution or product that involves a wide range of resources (hardware and software), storage (cloud or local), distribution mechanisms (web applications, online stores) and management software.
A supply chain attack is a type of cyberattack that targets a supplier (an entity that supplies a product or service to another entity) and its assets, which are then used to attack another supplier or the final customer (the entity that consumes the product or service produced by the supplier). Both the supplier and the customer have to be targets.
Historically, and still today, the term supply chain attack has referred to attacks in which trusted third-party suppliers are breached in order to gain access to their customers. This is what happened in 2013 to Target, a US retail corporation, where the attacker accessed its systems by means of an HVAC contractor account, resulting in the theft of 40 million credit and debit card records and an $18.5 million multistate settlement.
This threat has evolved in recent years and today it also involves software developers and suppliers, given that modern software is written by continuously reusing open source code from public repositories, proprietary code from software vendors and third-party APIs, among other sources. Attackers break into these developers and repositories in order to alter source code and hide malware in build and update processes.