Software Supply Chain Attacks

First, we must understand what supply chain management software entails. Supply chain management (SCM) is the broad range of activities required to plan, control and execute a product’s flow, from acquiring raw materials and production through distribution to the final customer, in the most streamlined and cost-effective way possible. In simple terms, supply chain management software (SCMS) comprises the software tools or components used to execute supply chain transactions, manage supplier relationships and control associated business processes.

Since 2018, the software supply chain has been increasingly targeted by cybercriminals. Attackers search for unsecured network protocols, unprotected server infrastructures, and unsafe coding practices. They break in, change source code, and hide malware in build and update processes. Because software is built and released by trusted vendors, these apps and updates are signed and certified. In software supply chain attacks, businesses are likely unaware that their apps or updates are infected with malicious code when they are released to the public. The malicious code then runs with the same trust and permissions as the released app.

Attackers target both software developers and suppliers in an attempt to gain access to source code, update processes or even on-premises servers. The objective is to get their malware into a software application that will be deployed to multiple users. Once the software is on a system, so is the malware, with all of the same permissions. Once the software is infected, the malware can then make its way onto other software that’s more widely shared, such as PDF readers or file compression apps.

Cybercriminals instigate these attacks for reasons such as cryptojacking. They exploit the trust that both businesses and individuals so willingly give to applications that effectively meet day-to-day operational needs. By poisoning software and undermining delivery or update infrastructures, supply chain attacks can affect the integrity and security of the goods and services that organizations provide.

Best practices to follow

Software updates for operating systems should be installed as soon as possible. Multi-factor authentication should be required for all administrative privileges. Secure Sockets Layer (SSL) and digital signatures should also be important parts of the software development process. It is also important to check in on current software suppliers and review all your IT outsourcing contracts to make sure they follow safe cybersecurity practices.

Deploy strong code integrity policies to allow only authorized apps to run. Use endpoint detection and response solutions that can automatically detect and remediate suspicious activities. Immediately apply security patches for the OS and software. Implement antimalware solutions that use machine learning rather than signatures, as these can identify malware even when it is unknown or digitally signed.
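
As an added illustration (not part of the original article), the Python example below models why a valid vendor signature alone does not stop a build that was tampered with inside the vendor's pipeline, and how a hash allowlist in a code integrity policy does. HMAC stands in for real code signing here, and every key, name and artifact is constructed for the example.

```python
import hashlib
import hmac

# Constructed stand-in for the vendor's signing key. HMAC only models
# "signed by the trusted vendor"; real code signing uses asymmetric keys.
VENDOR_KEY = b"constructed-demo-signing-key"

def sign(artifact: bytes) -> bytes:
    """Model the vendor build pipeline, which signs whatever it is handed."""
    return hmac.new(VENDOR_KEY, artifact, hashlib.sha256).digest()

def signature_valid(artifact: bytes, signature: bytes) -> bool:
    """Publisher-trust check: passes for anything the vendor pipeline signed."""
    return hmac.compare_digest(sign(artifact), signature)

def digest(artifact: bytes) -> str:
    return hashlib.sha256(artifact).hexdigest()

def evaluate(artifact: bytes, signature: bytes, allowlist: set) -> dict:
    """Return both checks so the gap between them is visible."""
    sig_ok = signature_valid(artifact, signature)
    hash_ok = digest(artifact) in allowlist
    return {
        "signature_valid": sig_ok,
        "hash_allowlisted": hash_ok,
        # Code integrity decision in this model: both checks must pass.
        "allowed": sig_ok and hash_ok,
    }

# Constructed sample artifacts (not real binaries).
REVIEWED_BUILD = b"updater v1.0 reviewed release"
TAMPERED_BUILD = b"updater v1.0 reviewed release + injected payload"

# The allowlist holds digests of builds that were reviewed, recorded
# separately from the update channel itself.
ALLOWLIST = {digest(REVIEWED_BUILD)}

def run_demo() -> dict:
    return {
        "reviewed": evaluate(REVIEWED_BUILD, sign(REVIEWED_BUILD), ALLOWLIST),
        # A compromised pipeline signs the tampered build, so the signature
        # verifies even though the content was never reviewed.
        "tampered_but_signed": evaluate(TAMPERED_BUILD, sign(TAMPERED_BUILD), ALLOWLIST),
        "bad_signature": evaluate(REVIEWED_BUILD, b"\x00" * 32, ALLOWLIST),
    }

if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

The `tampered_but_signed` case is the one the article describes: the signature check passes, and only the allowlist lookup blocks the build.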