We will be happy to advise you!

Hotline:
+49 (0) 40 38 90 710

E-mail:
info@secion.de

Contact form

Attacks on the software supply chain are on the rise: How to act now

by

Reading time: minutes ( words)
Attacks on software supply chain - how to protect yourself

The recent study "Software Supply Chain Security Review" by Argon Security proves: Hackers are increasingly targeting the software supply chain. In 2021, cybercriminals launched three times as many attacks on the software supply chain as in the year before. Among other things, the attackers exploit vulnerabilities in open source solutions and in the CI/CD pipeline to inject malicious software and manipulate applications. And it is by no means only large corporations that are at risk, but also small and medium-sized enterprises.

What the study also shows: Attacks on the software supply chain are only so successful because security measures in the area of software development are still clearly deficient. If you are now getting weak in the knees, we can reassure you: Your supply chain security can also be upgraded with new reliable solutions.

What actually is a software supply chain?

Hardly any technology company today develops all the software components for its products itself. Just as automobile manufacturers have their parts manufactured and delivered by suppliers, software companies are also increasingly purchasing components from third-party suppliers and processing them in their own solutions. The purchased components can be, for example, prefabricated payment systems, management platforms or code components created by several developers.

The advantage of such a software supply chain based on division of labor is obvious: you can accelerate the development of your products and bring them to market faster and more cost-effectively. The major disadvantage, however, is that it is difficult for you to monitor external production processes. The risk of already infected software components entering your company and your products unnoticed is relatively high. The more complex a supply chain is, the lower its resilience.

The danger lurks in the update

In a software supply chain attack, cybercriminals manipulate the production cycle of job software and cause widespread damage with malicious code. The attacks not only lead to the compromise of your corporate network, but also affect your customers.

Update files contaminated with malware are particularly common. If these are installed by countless end users of a service or a central platform, the attackers gain access to data of thousands of users in the worst case. This profitable dispersion is precisely why supply chain attacks are so popular with hackers.

The perfidy of software supply chain attacks is that they are difficult to trace and go undetected for a long time. Hackers use stolen code-signing certificates to disguise their manipulations and gain the trust of users. The most prominent cases in recent years include the SolarWinds hack and the supply chain attack on Click Studios' password manager Passwordstate.

These are the attacks you should expect

According to Argon Security's study, cybercriminals predominantly carry out their attacks in three areas of the supply chain. The most common attack scenarios include:

1. Attacks on open source solutions.

To save time and money, the use of open source code is commonplace in software development today. However, open source code often has security vulnerabilities that cybercriminals like to use to inject malicious code and spy on data.

Two main methods can be observed: First, hackers gain access to applications via existing vulnerabilities in packages and launch their attack there. Second, they inject malicious code into open source solutions or self-developed software, which then enters the build process via pipeline tools or programmers.

2. Attacks on pipeline tools

CI/CD pipeline tools are essential for efficient software development - however, they too can become targets of supply chain attacks. For example, hackers exploit faulty configurations and security vulnerabilities in build agents or code management systems to gain access to applications, source code and manufacturing processes. It is also not uncommon for attackers to target package registry manipulation to inject compromised source code.

3. Attacks on source code repositories

Another major threat, according to the study, comes from source code repositories. If developers upload faulty code to the repository, this poses an immediate risk to security and an opportunity for attackers. Degraded code quality, common misconfigurations and security vulnerabilities, and sensitive data in the code are just a few of the problems that are becoming more prevalent in customer environments. Eliminating the multitude of complications often requires lengthy and costly cleanup projects.

How to protect yourself from software supply chain attacks

You see: Attacks on the software supply chain are particularly insidious and can go unnoticed for many months. During this time, they cause massive damage that not only puts you in financial trouble, but also permanently ruins your company's reputation. Since traditional reactive security solutions are no longer sufficient for reliable supply chain security, new approaches are needed. Instead of reacting only when it is too late, you should actively protect yourself.

24/7 security monitoring has proven to be an extremely effective measure for defending against supply chain attacks. This allows your company's network - including printers, smartphones and IoT devices - to be scanned for suspicious activity around the clock, so that a compromise is immediately visible and your IT team can take immediate countermeasures.

This is exactly the kind of proactive threat hunting and incident response solution Allgeier secion offers with its Active Cyber Defense (ACD) service - which actively searches for conspicuous behavior patterns. In this way, it is possible to detect activities of compromised software originating from third-party providers at an early stage. The preventive system thus enables you to initiate countermeasures quickly and in a targeted manner - thus offering your company and your customers secure protection against supply chain attacks.

Conclusion

The fact that attacks on the software supply chain represent one of the greatest threats to your IT security now and in the future has been impressively demonstrated by Argon Security's study. However, the trend towards increasing attacks on the software supply chain was already clearly evident beforehand, when reports of successful hacks repeatedly circulated through the media. Although preventive measures are more important than ever, the IT departments of many companies still do not seem to have realized the need for active action. This is a fatal mistake: Those who do not seriously address the issue of supply chain security now are negligently risking damage to their business processes and customers - even though effective defense against supply chain attacks should have been standard practice long ago. With proactive security monitoring, you can ensure that compromises of source code or entire applications are uncovered promptly, without great effort and at relatively low cost.

Need help upgrading your IT security for 2022? Contact us!

By clicking on the "Submit" button, you confirm that you have read our privacy policy. You give your consent to the use of your personal data for the purpose of contacting you by Allgeier secion, Zweigniederlassung der Allgeier CyRis GmbH.

* Mandatory field

Go back

Related articles

QakBot malware: Warning of increasing attacks

Warning of rising attacks with QakBot malware

For several days now, there has been a strong accumulation of successful compromises by the "QakBot" malware (also known as "QBot" and "QuackBot") worldwide. We have also already identified successful attacks as part of our ACD monitoring. After infection, criminals can gain access to online banking accounts, leak user data, and reload further malware. As one measure to mitigate the risk, we urgently recommend adjustments to the Group Policy Objects (GPO).

New ransomware trend: Why criminals increasingly rely on intermittent encryption

Intermittent encryption: the new ransomware trend

Cybercriminals are true masters at constantly adapting their attack mechanisms to effective IT security measures. New tools and iterative changes to existing malware are used to mercilessly exploit security vulnerabilities. Among the numerous threats, ransomware stands out as one of the biggest. More and more companies have to face extortion Trojans. A completely new threat called LockFile now relies on intermittent encryption. LockFile not only encrypts much faster than previous ransomware, but also bypasses security solutions that work reliably. This article shows why criminals are increasingly relying on intermittent encryption and how companies should react to the new threat.

secion's assessment of the security threats to companies following the outbreak of the war in Ukraine

How the Ukraine war affects corporate IT security

Due to the war in Ukraine, secion provides an assessment of the threat situation for companies and examines the question of whether increased Russian attacks on companies in Germany, Austria and Switzerland can be identified. There is currently no evidence of an acute increase in the threat posed by Russian state actors in Western Europe, but there is increased public awareness of these cyberattacks. In addition, "third-party actors" are creating a new dynamic.