Powered by MOMENTUM MEDIA
Powered by MOMENTUM MEDIA

Website Notifications

Get notifications in real-time for staying up to date with content that matters to you.

Op-Ed: The future of supply chain cyber attacks and how to be prepared

Glen Maloney

The high-profile SolarWinds SUNBURST cyber attack that affected organisations across the globe has shone a spotlight on the importance of defending against supply chain intrusions.

The high-profile SolarWinds SUNBURST cyber attack that affected organisations across the globe has shone a spotlight on the importance of defending against supply chain intrusions.

These attacks are perpetrated by criminals looking to gain access to protected information or damage an organisation by targeting less-secure elements within a supply chain. While they are nothing new for SecOps and SOC teams, recent events have served to focus attention on how they might be used in the future.

Advertisement
Advertisement

The SolarWinds attack was very well planned and carefully executed. Attackers accessed the SolarWinds development servers and inserted source code that would obscure itself in legitimate Orion software updates.

The attackers then established a covert communications channel and moved stealthily within the target environments to find the most valuable data. This was then exfiltrated without detection.

While this approach clearly works, there are a number of easier methods that can be used. These methods include:

1. Open-source software (OSS) vulnerabilities

Many applications used by organisations are built using readily available open-source libraries and packages to save developers time and effort, and most programming languages use package managers to source and update code.

For example, the popular Node.js runtime engine, which runs programs written in JavaScript, utilises node package manager (npm) to provide hundreds of thousands of free and reusable code packages.

The npm platform uses an online database to search for packages suitable for given tasks while the package manager resolves and automatically installs dependencies. Similarly, the Python programming language uses the Python Package Index (PyPI) repository to store and distribute updates to dependent programs.

Unfortunately, package repositories represent a reliable and scalable malware distribution channel for attackers. Expect to see this weakness exploited in future attacks.

2. Dependency confusion

Dependency confusion can occur during library calls, which are a feature in many modern programming languages that allows programmers to insert dependencies on external code libraries or internal package feeds into their code.

When library dependency calls aren't well defined, or the default action is too permissive or not well understood by the programmer, an organisation could be vulnerable to software supply chain attacks.

For example, if a programming language specifies using the latest library version, an attacker might simply upload an infected library version of the same name but with a newer date stamp to an external repository such as GitHub. Now when the library call is made, the program will download the latest attacker-modified software to the unsuspecting server or application.

3. Typo-squatting

Although more popularly associated with URLs that are created to mimic common typos that send web surfers to fake sites, typo-squatting can also be used to mimic popular OSS package names. When a careless programmer mistypes a particular component's package name, they might be downloading malicious software.

All the attacker has to do is to guess the most popular misspellings and populate the OSS repositories with impostor packages. Alarmingly, industry research shows that in some cases downloads of an illegitimate package comprise almost 30 per cent of the total downloads of the legitimate item.

Be well prepared

As well as being aware of potential attack methods such as these, organisations need to take further steps to minimise their chance of falling victim to a supply chain attack.

One way of being prepared is to deploy effective network detection and response (NDR) tools throughout the IT infrastructure, including any cloud resources that are being used. NDR tools can help security teams identify suspicious traffic within the infrastructure that could be evidence of an intruder.

Taking such steps early can significantly reduce the chance of falling victim to a supply chain attack. Security teams can be confident they will be notified of any suspicious activity and be able to quickly take the actions required to neutralise the threat.

It’s clear that these types of attacks will remain popular among cyber criminals for some time to come. Make sure your infrastructure is prepared.

Glen Maloney is the ANZ regional sales manager at ExtraHop.

Op-Ed: The future of supply chain cyber attacks and how to be prepared
Glen-Maloney-3-csc.jpg
lawyersweekly logo

more from cyber security connect

Corne Mare
Jun 17 2021
Op-Ed: How CISOs can elevate the security posture of critical infrastructure
Almost all organisations operating in today’s hyperconnected digital society understand the import...
Jun 16 2021
5G Networks teams up with DXN
5G Networks has announced a new service agreement between 5GN Wholesale and modular data centre oper...
Jun 16 2021
Australian government bolsters capability to counter cyber crime
The government aims to support Australian organisations and individuals from cyber compromise under ...