The recent attack on SolarWinds has highlighted how dangerous supply chain threats can be. Besides this mega-breach, several other notable supply chain attacks have occurred across the globe.
In the last two months, several supply chain attacks have been reported in which attackers targeted third-party vendors working for the victim organization. In such attacks, threat actors typically abuse trust in code signing, hijack software updates, poison open-source code, and target app stores.
- Multiple organizations have been targeted, including Nullsoft, Pima County Government, IObit, Ministry of Health (Mongolia), and Vietnam Government Certification Authority.
- One of the most affected regions is North America, followed by South America, the Middle East, and Southeast and Central Asia.
- Several well-known threat actors were observed using supply chain attacks, including Lazarus, Fox Kitten, Thallium, and the China-based LuckyMouse, TA428, ShadowPad, and Winnti.
- These supply chain attacks were also observed delivering several malware families, identified as Korplug, HyperBro, PhantomNet, SManager, and CursedGrabber.
SolarWinds - not just any attack
- The SolarWinds supply chain attack is believed to have compromised more than 250 government agencies and businesses, including several high-profile U.S. agencies and IT giants.
- The attack affected well-known tech firms such as Microsoft, CrowdStrike, VMware, and most recently, Mimecast.
- It also affected the U.S. State Department, Commerce Department, DHS, and the National Institutes of Health.
Software supply chain attacks are being actively used by threat actors, and they are expected to increase further in the future. Experts therefore recommend assessing and understanding supplier networks, knowing the risks associated with third-party partners, and including the supply chain in incident response and remediation plans.