
Best practices to ward off software supply chain attacks

Let us look at some of the best practices that enterprises can adopt to improve their security posture against supply chain attacks.

DQINDIA Online

Every year, cyber criminals keep innovating and fine-tuning their techniques to exploit vulnerabilities and breach the best of defenses set up by enterprises. In 2021, the world discovered a new attack vector: trusted software being used to install malware and gain privileged access. Hackers exploit the fact that the software and the updates being pushed are trusted. This attack vector was first seen in the case of the highly publicized SolarWinds attack. However, it is not the only example.


Since the discovery, the industry has observed an acceleration in supply chain attacks. This includes Kaseya (which impacted more than a thousand organizations due to the attack against its key product, VSA, which is used by MSPs to remotely monitor and deploy IT services), Codecov (an online software testing platform whose software was compromised to gain access to application code, data stores and services) and the more recent Log4j (a logging framework used to provide logging services to Java applications, which was compromised and is said to be affecting close to 4% of projects in the Java ecosystem). As digital initiatives grow in scale, this number is only expected to go up. For instance, Gartner has predicted that by 2025, 45% of enterprises globally will experience attacks on their software supply chains. This translates into a three-fold increase from 2021.

Countermeasures against supply chain attacks

With these statistics in context, let us look at some of the best practices that enterprises can adopt to improve their security posture against supply chain attacks.


# Regularly scan software for vulnerabilities: Most enterprises use open source code in some way or the other. Open source code is also part of a significant number of commercial software solutions used in the market. Many of these open source packages can have vulnerabilities, and have to be patched or upgraded. The Log4j attack is a perfect example of attackers exploiting existing vulnerabilities to gain access to the application code and carry out the attack. In other cases, attackers insert malicious code or malware into existing software packages, and gain access to other networks as the software is installed or updated. 

# Monitor the security posture of partners: Firstly, enterprises must have an inventory of the software partners that have a presence in their internal ecosystem. This includes e-mail service providers, MSPs or software service providers. Enterprises must ask them about the processes they follow to update or check their existing software tools for vulnerabilities. In many cases, even a small vulnerability in the systems of external partners who have access to an enterprise's internal systems opens the door for carrying out attacks. Enterprises can also consider attack path analysis solutions, which help security teams understand the probable attack surface in their network.

# Use the least privilege principle: By enforcing the principle of least privilege, enterprises can ensure that people or bots only have the minimum levels of access required for their roles or tasks. This prevents the escalation of privileges that is normally used to carry out attacks with super-user and administrator privileges. A least privilege enforcement policy helps enterprises reduce the overall attack surface.


# Segment your network by implementing a zero trust architecture: Segmenting the network helps in breaking the network into zones based on specific business functions or access required by employees. In case of a supply chain attack, the network segmentation helps in keeping the breach contained to a segment of the network and preventing a breach of other network zones.

# Use Detection and Response Solutions: By using EDR/MDR services, the resilience to a successful exploit can be increased. SOC teams and proactive threat hunting measures can help with early detection and easier response to attacks.

Besides these best practices, organizations can also look at enlisting the support of managed security service providers who have the expertise and the experience of constantly monitoring networks for suspicious activities and carrying out maintenance activities such as patching and vulnerability scanning. 


While the road to a secure enterprise is always a journey and not a milestone, the above best practices can be a good starting step to improve your security posture and reduce the chances of supply chain attacks.


This article has been written by Srinivas Prasad, Information Security Incident Response Director, NTT Ltd. in India.
