In a recent report, Microsoft has stated that supply chain attacks have become an increasingly pressing concern for cybersecurity professionals.
What are Supply Chain Attacks?
Computer software is constantly updated by developers, and these updates are released to the public through cycles of patches. A supply chain attack is a type of cyberattack that infiltrates a victim’s computer through one of these updates.
By tampering with a software developer’s update code before it is released to the public, attackers are able to avoid detection by antivirus and firewall protections, which are designed to let updates from trusted developers through. In the past few years, this type of cyberattack has become more and more prominent, as the following examples illustrate.
In June 2017, more than 10 000 computers in Ukraine were infected by ransomware known as Petya. Incidentally, ransomware is a type of malware that locks sensitive data behind ‘ransomwalls’ and demands payment for its safe release. In its investigation, Microsoft uncovered that the attack originated from a hacked patch of the tax-accounting software MEDoc. It is now known that the attackers had illegally inserted a line of malicious code into one of its patches.
Three months later, in September 2017, CCleaner, a program that cleans up old computer files, was also compromised through a supply chain attack. The software’s developer, Piriform, stated that the malware inserted into its code stole sensitive data from victims’ computers and sent it to the attacker’s computer.
A Growing Threat towards Cloud Computing
As the percentage of computers relying on cloud computing and online data storage grows, so too does the threat of cyberattacks such as supply chain attacks. We are already seeing devastating damage being done to cloud servers with this kind of cyberattack. For example, Docker Hub, a cloud-storage service, was hacked in mid-2018, an attack that led to over 5 million infections.
Because it is often difficult for antivirus software to detect these attacks, Microsoft suggests that companies need to develop countermeasures for post-infection scenarios to protect themselves against supply chain attacks. An example of this is network segmentation, which involves keeping critical computers permanently disconnected from the company network, so that they are not in danger even if a virus were to infect the main server.
Do you need help setting up or protecting your servers? Our technicians at GigE can help. Call us today at +1 888 366 4443!