In-brief: Trend Micro notes that supply chain attacks are on the rise, with attackers relying on a short list of techniques including compromises of source code, firmware and so-called “watering hole” attacks.
Trend Micro’s blog has a good post on the ever-evolving threats to the software supply chain. Specifically, the company drills down on some of the “Tactics, Techniques and Procedures” (or TTPs) that cyber criminals use to compromise supply chains. They include:
Compromising source code
By compromising source code repositories, R&D and testbed servers and the like, cyber criminals can access and modify a vendor’s source code. For example, they can insert a backdoor into the source code. The source code hack is one of the most reliable methods of compromise, as it doesn’t require an overt “attack” on the target to gain access. Notably, the HAVEX malware family (known externally as Dragonfly/Energetic Bear) is known to have used Trojanized versions of ICS software, Trend points out.
Firmware attacks are a bit easier than source code attacks, because attackers don’t need extensive access to the development and testing environment to carry one out. Instead, they merely need to obtain and modify the binary code of systems provided by a vendor, adding backdoor accounts and so on. The modified binaries can then be pushed out to customers or forwarded in a “phishing”-style email attack. Customers will load the firmware and unwittingly contribute to the compromise of their own network. The Equation Group is believed to have used malicious hard drive firmware in their attacks, Trend says.
Compromising websites and internal portals
Watering hole attacks and compromises of strategic and public-facing IT assets fall under this category. Attackers need to do reconnaissance on their targets to determine their browsing habits or to obtain the administrative credentials needed to get access to critical IT assets. That reconnaissance also has to give them an adequate understanding of the target network, so that they can navigate within it once they have compromised the security of the environment.
Other methods include spear phishing attacks from trusted accounts or attacks via trusted third-party vendors, Trend said.
Read the full post here: Securing The IT Supply Chain | Security Intelligence Blog | Trend Micro.