What is motivating the rise in supply chain attacks?
According to the European Union Agency For Cybersecurity (ENISA), the number of supply chain attacks last year almost quadrupled, no doubt kickstarted by the infamous SolarWinds breach that went on to impact tens of thousands of government and private organizations. Microsoft President Brad Smith even referred to the SolarWinds breach as the “largest and most sophisticated cyber attack the world has ever seen.” It certainly appears to have opened the floodgates for other threat actors to try their hand. But what is motivating such attacks, and does that have any bearing on how they are evolving?
Our session started with Hugh putting himself into the shoes of a threat actor. Are they going to look at the supply chain first and then take an opportunistic approach to carrying out an attack, or will they choose a high-value target and work backward through the supply chain to find a weak link? Unfortunately for businesses, most cybercriminals don’t discriminate between these two approaches. They will use either strategy to hit their mark or uncover a vulnerability they know could open the door to countless further attacks.
Advanced persistent threats (APTs), which were discussed in our last cybersecurity briefing, are unique in that they are usually quite organized and have a very specific target in mind. They seek to infiltrate that target over long periods of time, often lying dormant or quietly siphoning off data until they strike or leave unnoticed. APTs usually have motives that extend beyond mere financial gain, such as the politically motivated Colonial Pipeline attack in 2021. These are the kinds of supply chain attacks that government organizations and public entities need to be mindful of. For regular businesses, however, opportunistic software supply chain attacks are far more common. Cybercriminals will often focus their attention on large software providers whose products underpin critical business infrastructure or support the development or delivery of products, derailing businesses and sending them spiraling into chaos.