The XDR technology is one of the most confused not well-defined solutions that actually exist in the market. This technology has evolved from EDR and NDR to reach some SIEM ...
Over the last few years when supply chain attacks have become the main type of attacks used by hackers to penetrate systems, I’ve got a lot of questions about it from my clients. One of the most common questions about this attack was, can a website be vulnerable to a supply chain attack?
Websites are the most vulnerable kind of software to a supply chain attack. In fact, most websites are usually developed by third-party companies. Those companies are usually small or medium ones that do not take the security aspects of their network seriously.
In this blog post, I will explain why websites are so vulnerable to supply chain attacks with realistic examples and how you can protect your website from them.
Before we start talking about what makes a website vulnerable to this attack, I would like to first explain what a supply chain attack is. A Supply chain attack happens when at least one of the company’s suppliers or service providers gets hacked, and then this hack is used by the attacker to target the client.
Websites are the most kind of software that gets subcontracted by big companies. Unfortunately, most companies do not take seriously the security aspect of their websites, and those who care about security only check the software development security best practices.
However, in supply chain attacks the hacker does not look for the source code vulnerabilities. The idea is to find vulnerabilities in the supplier’s network to try to infiltrate it and then put backdoors in your website source code.
Most small companies do not take security seriously, not because they don’t care but, it is just because they don’t have the right budget to put in place a good security plan.
Basically, all kind of subcontracted software is vulnerable to supply chain attack, the only thing that makes websites the most vulnerable type is the fact it is the most subcontracted kind of software. Even companies that have no software to work with, may at least buy a website for their business.
In my opinion, the most vulnerable type of website that can easily be vulnerable to a supply chain attack is the one based on a CMS. The reason behind this is that most of those CMS-based websites use multiple plugins from multiple suppliers that could easily be victims of a cyber-attack.
Detecting a supply chain attack is really a very difficult and complex task to do and it may take a lot of time before it gets successfully discovered. Moreover, classifying an attack as a supply chain attack is even more complex and will require additional investigations.
According to a report performed by the European Union Agency for Cyber Security (ENISA), between 2020 and 2021, 24 supply chain attack was reported.
62% of those attack was performed using a malware infection and exploited the trust relationship between the supplier and the client.
According to the same report in 66% of the supply chain attack that has occurred between 2020 and 2021, the supplier didn’t even know how they’ve got hacked. In addition, only 9% of the clients that was a victim of this attack did not know how they got compromised. This shows the gap in terms of information security between the service provider and the client and explains the increase in the number of supply chain attacks in the last few years.
Supply chain attacks occur in two steps. The first one happens when the company’s supplier gets hacked and the second one is when the client gets hacked. This type of attack takes a long time to be successful which a lot of patience. In addition, the supply chain attacks require a lot of money to be performed which therefore can only be used if the target is worth it.
To perform the first step which is attacking the supplier, attackers usually use one of the following techniques:
Once the attacker is in the supplier network, he tries to gather as much information as possible about his real target which is the client. The idea here is to correctly prepare for his next step, which is infiltrating the client’s network.
To penetrate the client systems, the attacker usually exploits at least one of the following things, which usually exists between a service provider and his clients:
Other attack techniques could also be used in a supply chain attack for both attacking the supplier and the client. However, in the blog post, I tried to focus only on the most commonly used ones.
As I said, detecting a supply chain attack is a very complex task that requires both advanced skills and big budgets. In addition, most of those attack exploits the trust relationship that is established between the supplier and his client, which make it even harder to stop.
However, here are some recommendations that you need to follow to at least reduce the risk of being a victim of a supply chain attack:
Written by: Z. Oualid
I am a Cyber Security Expert, I have worked with many companies around the globe to secure their applications and their networks. I am certified OSCP and OSCE which are the most recognized and hard technical certifications in the industry of cybersecurity. I am also a Certifed Ethical hacker (CEH). I hope you enjoy my articles :).
In the intricate landscape of cybersecurity, understanding the concept of malware artifacts is paramount for safeguarding digital environments. All malwares has their own digitale signature that is represented by their [...]