US Warns of Supply Chain Attacks

The US government has repeated warnings of state-sponsored cyber-attacks made possible by infiltrating the software supply chain.

The report from the National Counterintelligence and Security Center (NCSC) reveals insight into foreign economic and industrial espionage against the US.

It calls out China, Russia and Iran as “three of the most capable and active cyber actors tied to economic espionage and the potential theft of US trade secrets and proprietary information.”

While new technologies such as AI and IoT will introduce new vulnerabilities into networks “for which the cybersecurity community remains largely unprepared,” it’s the software supply chain that represents one of the biggest emerging threats, the NCSC claimed.

It said 2017 was a watershed year in that it witnessed seven “significant” incidents versus just four in the preceding three years.

These included the infamous backdoor inserted into popular Ukrainian accounting software M.E. Docs which was the initial threat vector for the NotPetya ransomware campaign. Other supply chain attacks included CCleaner, which targeted technology firms and mobile operators, and Kingslayer, which has compromised at least one defense contractor.

The warnings echo those of the UK’s National Cyber Security Centre (NCSC) in April, which claimed state-sponsored and other compromises of MSPs and software providers can give hackers a stepping stone into thousands of organizations’ networks by allowing them to abuse “privileged accesses and client/supplier relationships.”

“When done well, supply chain compromises are extremely difficult (and sometimes impossible) to detect. Network monitoring can detect unusual or suspicious behaviour, but it is still difficult to ascertain whether a security flaw has been deliberately introduced (possibly as a backdoor) or results from a careless error on the part of developers or manufacturers – or indeed to prove that any potential access has been exploited,” it argued.

James Romer, EMEA chief security architect at SecureAuth Core Security, argued that secure access is a key part of protecting the supply chain.

“There needs to be a more robust approach to authentication within organizations’ supply chains,” he added. “One that brings context to the process and allows for a rapid response to evolving threats without significant human intervention.”

What’s Hot on Infosecurity Magazine?