Supply chain hacking

Software supply chain attacks: A growing threat

In the evolving world of cyber-security, supply-chain attacks are a proven threat that need to be examined.

Author:

Stephen Fowler, Director of Technologies

Stephen writes about the increasing threat of software supply chain attacks. If you would like to talk about your own cyber security needs, please email him at sfowler@omnicybersecurity.com

We’ve seen how disruptive a cyber-attack against a major software supplier can be. Notably, attackers recently targeted IT giant Cisco after a threat actor launched a phishing attack on an employee (it wasn’t Omni, honest).  Cisco said it became aware of a potential compromise on 24th May, which targeted its corporate IT infrastructure, rather than 

An investigation found the employee’s credentials were compromised after an attacker gained control of a personal Google account where details saved in the victim’s browser were being synchronised. 

In 2020, the attack on SolarWinds, strongly suspected to be the Russian foreign intelligence service, was one of the most destructive supply chain attacks in history. Apparently, the hackers infiltrated the software-building process and infected legitimate software updates with malware. This affected a chain of organisations including the US Department of Defence and Microsoft.

Unfortunately, this is likely to be just a taste of what’s to come, as more and more organisations turn towards software as a service and cloud-based technology solutions.

Your own networks could be as resilient as possible to cyber-attacks and pass Cyber Essentials certifications with flying colours, but if one of your suppliers gets their network cracked by hackers, they then have an easy way into your network. Considering the cyber-security of your business’ partners is just as important in protection from supply chain attacks as maintaining your own cyber defences 

Keeping on top of cybersecurity risk is a constant challenge. Threats including phishing, malware and ransomware are continually evolving and adapting, as cyber criminals regularly find new, innovative ways to conduct malicious hacking campaigns, break into computer systems and find a way to stay there.

This combination is proving difficult for all our customers to deal with, resulting in security holes in networks. These flaws are relatively simple elements of cyber-security to manage, and can be found with regular penetration testing, but are ones that many businesses are still attempting to deal with, as we are all challenged for resources, people, and experience.

To finish with a bit more bad news, the way in which cyber-security and cyber-security threats keep evolving, means there is a significant risk that many businesses will be left behind and dangerously exposed as technology moves forward — and cyber threats move forward with it.

The cyber-security threats of tomorrow are those that we should all be thinking about today. We certainly are at OmniCyber.

Contact us

Related Articles