
Supply Chain Hacking is Gaining Momentum


Supply chain hacking and attacks present one of the most dangerous forms of hacking in the modern age of advanced information technologies. By getting access to a supplier’s network and hiding malicious code within the hardware, software, and apps in the supply chain, hackers can infect thousands or even millions of computers within a very short time without the slightest evidence of foul play. Hackers are exploiting this approach to wreak havoc on unsuspecting manufacturers of electronic devices. The security sector and manufacturers are discovering the threats posed by supply chain hacking, in which attackers tend to focus on software providers instead of hacking networks or devices directly.

Over the past few years, this trend has been increasing. The majority of attacks aim at software distribution channels. Most of the software supply chain attacks have been linked to Chinese-speaking hackers. Some of the known perpetrators of these attacks have been Barium, sometimes known as Wicked Panda, ShadowHammer or ShadowPad. Successful supply chain attacks lead to a huge number of victims because this kind of attack is hard to discover. The attackers simply plant malicious lines of code in trusted programs such as CCleaner, which unsuspecting users then download. This hacking technique has proven to be a challenge to researchers because it exploits the gaps in the software trust models that govern code on machines. In short, supply chain attacks take advantage of trusted software mechanisms and end up with thousands of unsuspecting victims.

Although more than six companies, including ASUS, have been affected by this type of attack, the hackers seem to concentrate on spying as opposed to destruction. However, although there are few or no instances of destruction, the increasing number of supply chain attacks over the years has not only undermined integrity and trust in software and different brands but has also led to the concern that destruction may be in the offing. This could have much more impact than other traditional forms of attack such as phishing, as people may end up losing trust in legitimate software, apps, updates and vendors. Since almost every company uses outside software and hardware, as no one builds all technology from scratch, there is considerable risk attached to this. The supply chain may be corrupted, leading to massive losses and casualties.

Although security companies such as ESET and Kaspersky have successfully identified the attack, it is the future of these attacks that is worrying. For instance, the attacks conducted by the likes of Barium are becoming more advanced and stealthier than before. In the case of an attack carried out on ASUS, for example, the attacker disabled command-and-control server communication on the target, making it hard for defenders to find the attacker. In some instances, attackers are now capable of hiding one supply chain attack within another, making the whole thing highly complex. This suggests a constant evolution in the methods of attack and the growing sophistication of supply chain hackers. As time goes by, it becomes harder for cybersecurity professionals to discover hacking activity and catch hackers.

As threats to the supply chain continue to increase and hackers keep getting more skilled, every piece of software or device purchased, application downloaded or update installed needs to be thoroughly vetted and monitored for possible security risks. Accordingly, all patches need to be up to date to protect systems from corruption.

Scott Koegler

Scott Koegler is Executive Editor for PMG360. He is a technology writer and editor with 20+ years of experience delivering high-value content to readers and publishers.
