Why are digital supply chains is such a popular target for threat actors?
Cyberattacks against the digital supply chain are nothing new. Reports of attacks against this essential business function surfaced in as early as 2015 – long before the infamous SolarWinds hack took place in December 2020, which, for many people, was their introduction to digital supply chains and their vulnerabilities.
However, attacks against the digital supply chain have skyrocketed in recent years, particularly when it comes to distributed denial-of-service (DDoS) attacks. For example, in the second half of 2021 alone, NETSCOUT’s 2H2021 Threat Intelligence Report discovered a 606 percent increase in DDoS attacks against software publishers, along with a 162 percent increase in attacks on computer manufacturers, in addition to a 263 percent increase against computer storage manufacturing. Despite much of the world returning to normal following the disruption of the pandemic, as well as the rate of overall DDoS attacks decreasing during this time, the digital supply chain has very much remained a prime target.
When cybercriminals put this much effort into attacking a particular area, it’s imperative to understand why. It is also important to know the steps that organizations can take to protect themselves from such attacks.
ATTACKS AGAINST THE DIGITAL SUPPLY CHAIN
The potential disruption following a successful attack makes the digital supply chain an attractive target for bad actors. An example of this can be found in the aftermath of the 2021 cyberattack against Kaseya, an IT solutions developer for managed service providers (MSPs) and enterprise clients. By attacking Kaseya, threat actors discovered that the software had numerous cybersecurity vulnerabilities, allowing them to gain a backdoor into the IT systems of the many businesses Kaseya’s software supported. This resulted in more than 1,500 organizations worldwide having their IT systems completely paralyzed. REvil, the Russian criminal gang behind the attack, was even able to demand ransom payments from the companies impacted by the campaign.
Further to this, attacking the digital supply chain gives cybercriminals the capacity to compromise enterprise networks by attacking connected applications or services which are utilized by third parties, for example, suppliers. Using the SolarWinds incident as an example, attackers targeted the organization in order to gain access to a catalog of lucrative customers and suppliers. This means that a digital supply chain attack may in fact trigger a chain reaction across several companies connected to the intended target, increasing the difficulty when it comes to identifying and preventing the attack. The availability and use of open-source tools is another complicating factor, greatly impacting traceability and attribution efforts.
Worryingly, it’s often the case that businesses do not consider the risk posed by cyberattacks serious enough to protect themselves against them. In its own research, the Department for Digital, Culture, Media, and Sport found that 91 percent of executives from leading companies in the UK consider cyber threats to be very high or high risk. However, almost a third admitted to taking no action on supply chain security, with just seven in ten respondents actively managing possible supply chain risks. It is vital for all businesses to adequately protect their digital supply chains in order to prevent cyberattacks, particularly DDoS attacks, from devasting their online infrastructure.
HOW CAN ORGANISATIONS PROTECT THEIR DIGITAL SUPPLY CHAINS?
There are several steps organizations can take to prevent cyberattacks from wreaking havoc across their digital supply chains.
Looking specifically at DDoS attacks, it is vital for businesses to invest in a DDoS mitigation system that is both strong and effective. Through the implementation of comprehensive DDoS protection, organizations can rest assured that should their digital supply chains be the target of a DDoS attack campaign, the potential damage caused will be kept to a minimum and almost entirely neutralized.
However, simply having a system in place is not enough. Organizations must ensure these solutions are regularly maintained and tested so that any changes in attack methodology can be identified. By periodically testing the systems in this way, not only are changes to businesses’ digital supply chains incorporated into the mitigation plan, but organizations are also provided with insights into new trends and types of DDoS attacks, as well as how to proactively prepare for them. Organizations should also consider partnering with an on-demand cybersecurity specialist. By utilizing this expertise, they will be able to negotiate unfamiliar situations, which should prove to be beneficial to the business. Organizations will also be well-equipped to defend their digital supply chains should they become a target for criminal activity, so long as they adhere to best current practice (BCP) procedures. This includes acting in accordance with situationally specific network access policies that permit internet traffic solely through required IP protocols and ports.
With threat actors launching an increasing number of cyberattacks against the digital supply chain, it’s vital for enterprises to take the necessary steps to protect this vital business function from nefarious activity. This will put organizations in a strong position to defend themselves should they be the target of cybercriminal activity, such as DDoS attacks.
