
What are Supply Chain Attacks and How can you Reduce Risk?

A supply chain attack aims to damage an organization by targeting less secure elements in its supply network. Exploiting a service provider's supply chain, data supply chain or traditional manufacturer supply chain has been seen in a litany of major data breaches in the past few years. In all of these attacks, the victim is not the ultimate target of the attack, but rather a stepping stone to other networks.

Reasons Why Supply Chain Attacks are Increasing

The Lucrative Business Model

Supply chain attacks are increasing because of their economies of scale. The past few years have been filled with massive data breaches that have flooded the underground markets with personally identifiable information, credit card numbers and bank account details. The supply of data now exceeds the demand, bringing down the value of this information.

Attack campaigns are operated like a business and, like any business that hopes to stay afloat, each campaign has to yield a profit, with low operational costs and a high ROI. Supply chain attacks, such as M.E.Doc, enable hacking at scale: the attackers build a hacking operation that targets one organization, and through it are able to gain an initial foothold and further compromise hundreds and sometimes thousands of organizations.


When combined with other automated mechanisms, these operations can be scaled up, which allows many organizations to be compromised at the same time. This powerful shift helps drive the economics in favor of the attacker. Plus, supply chain attacks are the gift that continues to give: as long as they are not revealed, they provide ongoing access to new targets without investing in a new toolset.


Compared to other common infection mechanisms like spear phishing and compromising passwords, the impact of a supply chain attack is widespread and continuous.

The Path of Least Resistance

In some ways, improving enterprise security has helped foster supply chain attacks. With defenders cutting off easy routes to infections, attackers have become even more creative in how they attack enterprises. They see supply chain attacks as an easy way to infiltrate soft targets (especially if the company has limited security awareness and few security practices), commandeer their customers and surreptitiously install malware on their machines.


Additionally, attacking trusted applications, contractors and suppliers provides adversaries with a stealthy way to compromise hard-to-reach targets, like defense contractors. When combined with other automated mechanisms, supply chain attacks can be scaled up, which allows many organizations to be compromised at the same time.

The Difficulty of Detection

While the number of supply chain attacks will continue to grow, we expect detection to lag, especially in cases when the target provides products or services to a specific country or industry. Since most supply chain attacks include adding a backdoor to legitimate, certified software, they are rarely detected by an organization’s security tools.


And don’t expect the software vendor that’s being targeted to detect the attack. The security teams at these companies usually don’t anticipate that their software would be targeted during the development stage, a point not lost on attackers.

Even if a compromised vendor discovered an attack, they could be reluctant to disclose it, fearing that their reputation would be damaged. They’re likely to quietly fix the problem and leave the compromised customers unknowingly exposed. A better option (and one that we prefer and hope companies follow) is to immediately report the compromise despite the potentially painful consequences.

How to Mitigate the Risk of Supply Chain Attacks

  • Follow best security practices, monitor vendor access to internal data and networks, and establish boundaries and adhere to them strictly.
  • Log and monitor any external vendor access, and know your third-party providers’ incident response and disaster recovery plans.
  • Decrease your attack surface by limiting users’ ability to install third-party software, primarily freeware, on their machines.
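
One way to act on the first two points above, shown as an added example that is not part of the original article: write each vendor's boundary down as data and check every logged vendor connection against it. The vendor account names, networks, ports and log format are assumptions constructed for illustration.

```python
import ipaddress

# Hypothetical boundaries: the networks and ports each vendor account may reach.
VENDOR_BOUNDARIES = {
    "vendor-hvac": {"networks": ["10.20.5.0/24"], "ports": {443}},
    "vendor-erp": {"networks": ["10.30.0.0/28", "10.30.1.10/32"], "ports": {443, 1433}},
}

# Constructed log lines: timestamp account source_ip dest_ip dest_port
SAMPLE_LOG = """\
2019-03-04T09:12:01Z vendor-hvac 203.0.113.7 10.20.5.14 443
2019-03-04T09:15:44Z vendor-hvac 203.0.113.7 10.40.2.8 445
2019-03-04T10:02:10Z vendor-erp 198.51.100.23 10.30.0.5 1433
2019-03-04T10:05:31Z vendor-erp 198.51.100.23 10.30.0.5 3389
2019-03-04T11:40:00Z vendor-print 192.0.2.50 10.20.5.14 443
not a log line
"""

def check_line(line, boundaries=VENDOR_BOUNDARIES):
    """Return None if the access is inside the vendor's boundary, else a reason."""
    try:
        _, account, _, dest_ip, dest_port = line.split()
        dest, port = ipaddress.ip_address(dest_ip), int(dest_port)
    except ValueError:
        # Wrong field count, bad IP or bad port: surface it instead of skipping it.
        return "unparseable"
    policy = boundaries.get(account)
    if policy is None:
        return "unknown vendor account"
    if not any(dest in ipaddress.ip_network(n) for n in policy["networks"]):
        return "destination outside boundary"
    if port not in policy["ports"]:
        return "port outside boundary"
    return None

def find_violations(log_text, boundaries=VENDOR_BOUNDARIES):
    """Return (line_number, reason, line) for every line that breaks a boundary."""
    violations = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        reason = check_line(line, boundaries)
        if reason:
            violations.append((number, reason, line))
    return violations

if __name__ == "__main__":
    for number, reason, line in find_violations(SAMPLE_LOG):
        print(f"line {number}: {reason}: {line}")
```

Accounts with no recorded boundary and lines that fail to parse are reported rather than ignored, so a vendor that was never onboarded properly or a malformed log record still reaches a reviewer.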


©2019 Global Business Intelligence | All Rights Reserved