Supply chain attacks

Supply chain attacks are cyber threats in which attackers infiltrate a target organization by compromising its suppliers or vendors. Instead of directly attacking the target organization's systems, the attackers exploit vulnerabilities in the software or hardware provided by third-party suppliers. Once the attackers gain access to the supplier's systems, they can implant malicious code or backdoors into the products or services, which are then delivered to the target organization as part of their supply chain.

• Unusual Behavior in Third-Party Software or Services: Unexpected behavior or unauthorized access within third-party software or services could indicate a compromise.
• Suspicious Network Activity: Monitor network traffic for unusual patterns, such as connections to unfamiliar or suspicious domains or IP addresses.
• Unexpected Changes in Product Functionality: If a product or service suddenly behaves differently without explanation, it may have been tampered with.
• Unexplained Data Exfiltration: Detecting data leaving the network without authorization could signify a supply chain attack.
• Warnings from Security Tools: Alerts from intrusion detection systems or other security tools may indicate a compromise within the supply chain.

• Vet Suppliers and Vendors: Conduct thorough due diligence on all third-party suppliers and vendors before engaging with them.
• Implement Security Standards: Require suppliers to adhere to security standards and protocols to ensure the integrity of their products or services. See NIST SP 800-161 below
• Monitor Supply Chain Activity: Continuously monitor and assess the security posture of suppliers and vendors throughout the supply chain.
• Implement Least Privilege: Limit access privileges to only what suppliers and vendors need to perform their functions.
• Regular Security Audits: Conduct regular security audits and assessments of the supply chain to identify and address vulnerabilities.
• Use strong, unique passwords and enable multi-factor authentication. See Cybercrime Prevention.
• Keep software and security patches up to date. 

If you suspect you've fallen victim to a social engineering attack:

• Report the incident to local law enforcement, your security team, or the IT department.  See How to Report Fraud. 
• Isolate and contain the affected systems to prevent further spread of the attack.
• Determine the extent of the breach and identify the compromised components within the supply chain.
• Remove malicious code or backdoors from affected systems and restore them to a secure state.
• Keep stakeholders informed about the incident and any actions being taken to remediate the situation.
• Implement additional security measures, such as increased monitoring and improved access controls, to prevent future supply chain attacks.

References:

• Cybersecurity and Infrastructure Security Agency (CISA). (2023). Information and Communications Technology Supply Chain Risk Management. Retrieved from https://www.cisa.gov/information-and-communications-technology-supply-chain-risk-management. Take the free online FedVTE course:  Cyber Supply Chain Risk Management for the Public.  This three-part course introduces what a supply chain is, how adversaries target supply chains and steps that individuals and organizations can take to improve supply chain security. No log-in is required.
• Cybersecurity and Infrastructure Security Agency (CISA). (n.d.). Securing the Software Supply Chain: Recommended Practices Guide for Customers and accompanying Fact Sheet. Retrieved from https://www.cisa.gov/resources-tools/resources/securing-software-supply-chain-recommended-practices-guide-customers-and.
• National Institute of Standards and Technology (NIST). (2024 March 28). Cybersecurity Supply Chain Risk Management. Retrieved from https://csrc.nist.gov/Projects/cyber-supply-chain-risk-management.
• National Institute of Standards and Technology (NIST). (2022 May). NIST SP 800-161 Rev. 1 Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations. Retrieved from https://csrc.nist.gov/pubs/sp/800/161/r1/final.