Understanding the Threat: Supply Chain Attacks

Organizations face many cybersecurity threats, and supply chain attacks have become one of the most insidious. Recent high-profile incidents show that attackers increasingly target the supply chain to get into organizations that are otherwise well defended: instead of breaking the target's own perimeter, they compromise something the target already trusts. This makes supply chain attacks a sophisticated, indirect threat to data, systems and operations.


What is a Supply Chain Attack?

A supply chain attack occurs when attackers exploit weaknesses in the supply chain to gain unauthorized access to an organization's systems or data. Rather than attacking the organization directly, they compromise third-party vendors, suppliers or service providers that have a trusted relationship with the target (a signed software update, a VPN connection for support staff, a shared cloud tenancy). Once inside that trust relationship, attackers can read sensitive information, deploy malware, or carry out other malicious activity with far-reaching consequences, because the access arrives through a channel the target has deliberately allowed.


Types of Supply Chain Attacks

  • Software Supply Chain Attacks exploit weaknesses in the development and release cycle. Attackers compromise developer accounts, inject malicious code into libraries, or tamper with build pipelines and updates so that the malicious code is delivered to every customer under the vendor's own signature. Real-life examples: SolarWinds, Codecov.
  • Hardware Supply Chain Attacks manipulate manufacturing or distribution, introducing malicious firmware or counterfeit chips that affect entire device fleets and are very hard to detect from the operating system.
  • Third-Party Service Provider Attacks exploit vulnerabilities in vendors or service providers, such as managed service providers or cloud platforms, and use their trusted connections and credentials to reach the target's network.
  • Watering Hole Attacks target websites frequented by a particular industry or organization. Malicious code served by the site infects visitors' devices, and the compromised machines then provide a foothold into the corporate network.

How Do Supply Chain Attacks Work?

Supply chain attacks take various forms, but they usually involve inserting malicious code into a trusted vendor's product. For example, attackers may compromise a software update, or install backdoors in hardware devices during manufacturing. Once the tampered product is distributed and installed, the attackers use the access it gives them for data theft, espionage or manipulation of systems, and because the product is trusted, the activity often looks like normal vendor behaviour.


Mitigating the Risks of Supply Chain Attacks

While supply chain attacks pose significant challenges for organizations, there are several steps they can take to mitigate the risks:

  • Vendor Risk Management: Implement robust vendor risk management practices by conducting thorough security assessments of third-party vendors and continuously monitoring their cybersecurity posture.
  • Supply Chain Transparency: Enhance supply chain transparency by establishing clear communication channels with vendors, understanding supplier dependencies, and identifying potential vulnerabilities.
  • Secure Software Development: Promote secure practices among vendors, such as code reviews, vulnerability assessments, and secure coding standards.
  • Continuous Monitoring and Detection: Deploy advanced threat detection mechanisms, monitor for suspicious activity, and detect unauthorized access.
  • Incident Response Planning: Develop and test incident response plans for rapid detection, containment, and mitigation of breaches.

Conclusion

Supply chain attacks represent a significant and evolving cybersecurity threat that organizations cannot afford to overlook. By understanding the different types, tactics, and impacts of supply chain attacks, organizations can implement effective mitigation strategies and improve their overall cyber resilience. Remember, staying informed and vigilant is crucial in today’s complex threat landscape.


Keymachine

Additional Resources

Secure your Online Accounts with Strong Passwords and 2FA

A 2020 survey by Digital Guardian found that the average person has a few dozen online accounts. Each of those accounts has to be maintained, and that usually means remembering numerous passwords for social media, online shopping, financial and e-mail accounts.


Weak Passwords

People often use weak passwords, or reuse the same password across several platforms for convenience. Both are dangerous: once a single account is compromised, an attacker can try the same password against all of the victim's other accounts (credential stuffing), and a weak password makes that first compromise easy.

An attacker can easily "guess" a weak password using brute-force or dictionary attack techniques. Examples of weak passwords:

  • the password is the same as the username
  • the password is your name or surname, or the name of a family member
  • the password is built from birth dates, pet names, telephone numbers, etc.

Password cracking techniques such as brute-force attacks and dictionary attacks, or simply social engineering (asking the user for it), can all be used to obtain such a password with little effort.


Strong Passwords

To protect against attackers, users should choose strong passwords. A strong password combines lowercase and uppercase letters, digits and special characters, and should be longer than 15 characters where possible.

Passphrase instead of Passwords

A passphrase can be used in place of a password, and the longer it is, the better. For instance, the phrase "I believe I can fly!" is 20 characters long including the spaces, and mixes uppercase, lowercase and a special character. Changing it to "1 believe 1 can fly!" adds digits as well, giving a password that is both strong and easy to memorize. Avoid well-known quotations and song lyrics as-is, though: cracking wordlists include them, so an original phrase is safer.


Password Length VS Complexity

Jason Fossen states that adding length is better than adding complexity. In his spreadsheet he shows the maximum number of days needed to crack a random password as a function of its length and the character set it is drawn from. A password of sixteen lowercase characters statistically needs more days to crack than an eleven-character password drawn from lowercase, uppercase, digits and symbols, and it is also much easier to memorize. Whatever the scheme, a different password should be used for every individual account.
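To make the length-versus-complexity comparison concrete, the following example computes the keyspace, the equivalent entropy in bits and the time to exhaust that keyspace for the two passwords described above. This is an added example written for this page; the figures are computed here, not taken from Jason Fossen's spreadsheet, and the guess rate of 10^10 guesses per second is an assumed value for an offline attack, not a number the page gives.

```python
"""Length versus complexity: the keyspace a brute-force attacker must search.

Added example for this page; the numbers are computed here, not taken from
Jason Fossen's spreadsheet, and the 1e10 guesses/second rate is an assumption.
"""
import math
import string

# Printable-ASCII character classes; symbols = punctuation plus the space (33 chars).
LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SYMBOLS = string.punctuation + " "
ALL_CLASSES = (LOWER, UPPER, DIGITS, SYMBOLS)  # 26 + 26 + 10 + 33 = 95 characters


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return charset_size ** length


def entropy_bits(charset_size: int, length: int) -> float:
    """Strength of a uniformly random password in bits: length * log2(alphabet size)."""
    return length * math.log2(charset_size)


def days_to_exhaust(charset_size: int, length: int, guesses_per_second: float = 1e10) -> float:
    """Days needed to try the whole keyspace at an assumed offline cracking rate."""
    return keyspace(charset_size, length) / guesses_per_second / 86400


def charset_size_of(password: str) -> int:
    """Alphabet an attacker must assume once they know which character classes are used.

    Characters outside the four ASCII classes (e.g. non-ASCII letters) are ignored here.
    """
    return sum(len(cls) for cls in ALL_CLASSES if any(ch in cls for ch in password))


def brute_force_bits(password: str) -> float:
    """Upper bound on strength from length and alphabet alone.

    A phrase made of dictionary words or a known lyric is far weaker than this figure,
    because an attacker will try phrase and word lists long before random strings.
    """
    size = charset_size_of(password)
    if size == 0:
        raise ValueError("password uses none of the ASCII character classes")
    return entropy_bits(size, len(password))


if __name__ == "__main__":
    cases = (("16 lowercase", 26, 16), ("11 mixed (95-char set)", 95, 11))
    for name, size, length in cases:
        print(f"{name:24s} keyspace={keyspace(size, length):.2e} "
              f"bits={entropy_bits(size, length):.1f} "
              f"days to exhaust={days_to_exhaust(size, length):.2e}")
    # The passphrase from the text, treated as a random string (an upper bound).
    print("1 believe 1 can fly!", f"{brute_force_bits('1 believe 1 can fly!'):.1f} bits")
```

Running it shows the sixteen-lowercase password has a keyspace about 7.7 times larger (roughly 75 bits against 72) than the eleven-character mixed one, which is the point the spreadsheet makes: each extra character multiplies the work by the alphabet size, whereas widening the alphabet only multiplies it once per position.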

Password Managers

Password managers solve the memorization problem: you remember one strong master passphrase and the manager generates and stores a unique random password for every site. KeePass is an open-source, lightweight password manager that does the job both at home and at work. Keep in mind that the database is only as strong as the master passphrase protecting it.

2FA

2FA (two-factor authentication), a form of MFA (multi-factor authentication), adds an extra layer of protection to your online accounts by requiring a second proof of identity besides the password, typically a one-time code from an authenticator app, a hardware key or an SMS message. Hacking an account with 2FA enabled is not impossible, but it is much harder. "The Verge" published an excellent article on how to set up 2FA on your online accounts, with guides for the most popular platforms such as Amazon, Google, Microsoft and PayPal. Microsoft states that 2FA can block over 99.9 percent of account compromise attacks.

Analyzing web server (IIS) logfiles with logparser

A useful tool for analysing IIS logfiles is Log Parser (Microsoft's free Log Parser 2.2), a versatile command-line tool that provides SQL-like query access to text-based data such as log files.

Below are a few examples of Log Parser commands. They are run from a command prompt; `c-ip` is the client IP column of the IIS W3C log format, and IIS writes the date and time columns in UTC.

Number of hits by an IP address, sorted by number of hits, descending.

logparser "select c-ip, count(c-ip) FROM '1.log' group by c-ip order by count(c-ip) DESC"

Number of hits by an IP address, sorted by number of hits, descending, with output to a file.

logparser "select c-ip, count(c-ip) INTO results.txt FROM '1.log' group by c-ip order by count(c-ip) DESC"

The same query, with the count given a column alias (requestcount) so the output header is readable.

logparser "select c-ip, count(c-ip) as requestcount FROM '1.log' group by c-ip order by count(c-ip) DESC"

Requests per hour from a single client IP. TO_TIMESTAMP combines the date and time columns, QUANTIZE rounds the result down to the hour (3600 seconds), and TO_LOCALTIME converts the UTC log timestamps to the local time of the machine running the query.

logparser "select TO_LOCALTIME(QUANTIZE(TO_TIMESTAMP(date, time), 3600)), count(*) as numberrequests from 'L:\tmp\lll\191\u_ex151110.log' where c-ip='23.253.238.9' group by TO_LOCALTIME(QUANTIZE(TO_TIMESTAMP(date,time), 3600))"
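When Log Parser is not available (for instance when the logs have been copied to a Linux analysis box), the same two queries are easy to reproduce by parsing the W3C extended format directly. The following is an added example written for this page, not part of the original article: it reads the `#Fields:` directive to name the columns, counts hits per client IP, and buckets one IP's requests per hour with an explicit UTC offset in place of TO_LOCALTIME. The log lines embedded below are constructed for the example, using documentation IP ranges, and are not from a real server.

```python
"""Re-implementation of the two Log Parser queries above for IIS W3C extended logs.

Added example for this page. SAMPLE_LOG is constructed test data (203.0.113.0/24 and
198.51.100.0/24 are documentation ranges), not a real server's log.
"""
from collections import Counter
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, List, Tuple

SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Version: 1.0
#Date: 2015-11-10 00:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2015-11-10 00:00:01 10.0.0.5 GET /index.html - 80 - 203.0.113.7 Mozilla/5.0 200 0 0 15
2015-11-10 00:20:01 10.0.0.5 GET /login.aspx - 80 - 203.0.113.7 Mozilla/5.0 200 0 0 31
2015-11-10 00:59:59 10.0.0.5 POST /login.aspx - 80 - 203.0.113.7 Mozilla/5.0 302 0 0 47
2015-11-10 01:00:00 10.0.0.5 POST /login.aspx - 80 - 203.0.113.7 Mozilla/5.0 401 0 0 12
2015-11-10 01:05:10 10.0.0.5 GET /robots.txt - 80 - 198.51.100.2 curl/7.47.0 404 0 2 3
2015-11-10 02:30:00 10.0.0.5 GET /admin/ - 80 - 203.0.113.7 Mozilla/5.0 403 0 0 9
2015-11-10 02:31:00 10.0.0.5 GET /index.html - 80 - 198.51.100.9 Mozilla/5.0 200 0 0 7
"""


def parse_w3c(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Parse W3C extended log lines into dicts keyed by the names in the #Fields directive.

    IIS may emit a new #Fields line mid-file when the log format changes, so the
    column list is refreshed whenever one is seen.
    """
    fields: List[str] = []
    rows: List[Dict[str, str]] = []
    for line in lines:
        line = line.rstrip("\r\n")
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        values = line.split(" ")
        if not fields or len(values) != len(fields):
            continue  # skip truncated or malformed rows rather than misalign columns
        rows.append(dict(zip(fields, values)))
    return rows


def hits_by_ip(rows: List[Dict[str, str]]) -> List[Tuple[str, int]]:
    """Same as: select c-ip, count(c-ip) ... group by c-ip order by count(c-ip) DESC."""
    return Counter(r["c-ip"] for r in rows).most_common()


def hourly_requests(rows: List[Dict[str, str]], ip: str,
                    utc_offset_hours: int = 0) -> Dict[str, int]:
    """Same as the QUANTIZE(TO_TIMESTAMP(date, time), 3600) query for one client IP.

    IIS logs in UTC; `utc_offset_hours` plays the role of TO_LOCALTIME, made explicit
    so the result does not depend on the analysis machine's time zone.
    """
    local_tz = timezone(timedelta(hours=utc_offset_hours))
    buckets: Counter = Counter()
    for r in rows:
        if r["c-ip"] != ip:
            continue
        ts = datetime.strptime(f"{r['date']} {r['time']}", "%Y-%m-%d %H:%M:%S")
        local = ts.replace(tzinfo=timezone.utc).astimezone(local_tz)
        hour = local.replace(minute=0, second=0)          # QUANTIZE to 3600 seconds
        buckets[hour.strftime("%Y-%m-%d %H:00")] += 1
    return dict(sorted(buckets.items()))


if __name__ == "__main__":
    rows = parse_w3c(SAMPLE_LOG.splitlines())
    for ip, count in hits_by_ip(rows):
        print(f"{ip:16s} {count}")
    print(hourly_requests(rows, "203.0.113.7", utc_offset_hours=2))
```

To run it against a real log, replace `SAMPLE_LOG.splitlines()` with `open(path, encoding="utf-8")`; the parser only assumes space-separated columns and a `#Fields:` header, which is what IIS writes. The top entry of `hits_by_ip` is usually the first thing to look at during triage, and `hourly_requests` on that IP shows whether the traffic is steady (a scanner or bot) or bursty (a human, or a scheduled job).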