Cybercriminals are increasingly gaining access to organizations not through their core systems, but through their most vulnerable vendors, and many of these incidents are not publicly reported. This is according to Unit 42, the Palo Alto Networks threat intelligence and incident response team, which reports that more than one in four cyberattacks (28%) investigated in Europe during the last year originated in third-party breaches.

This figure could be even higher, as many attacks that begin with third parties are not identified or reported as supply chain incidents, hiding the true magnitude of the problem.

“Incident response investigations focus primarily on securing the victim organization and restoring its operations as quickly as possible, rather than spending time tracing the source of the intrusion. This means that many supply chain attacks are not reported as such and companies are often unaware of the true level of risk within their supplier ecosystem,” explains Chris George, Managing Director EMEA Unit 42 at Palo Alto Networks.

Use of AI, connectivity and dependence on vulnerable third parties

The most attacked sectors across the supply chain include technology and financial services, due to the high value of the data they manage and their extensive networks of suppliers. Likewise, legal firms and professional services companies have become frequent targets because of their access to confidential information belonging to large corporations, while luxury brands are also on the radar of cybercriminals, who seek to access the personal data of high-net-worth clients.

Among the main reasons behind these attacks are the following:

• Expanded digital ecosystems: companies are part of increasingly broad ecosystems, with hundreds or thousands of suppliers, which multiplies the attack surface.

• Weakest link principle: attackers exploit smaller suppliers with weaker defenses to take advantage of the trust large companies place in them.

• Economic asymmetry: compromising suppliers is usually easier and faster than attacking a large company directly, which offers a very attractive risk-reward ratio for attackers.

• AI acceleration: ransomware-as-a-service, access brokers, and AI tools for reconnaissance, exploitation, and social engineering make supply chain attacks easier and cheaper. According to Unit 42, a “perfect storm” is forming due to the use of AI, increasing connectivity and over-reliance on vulnerable third parties.

Most common attacks on the supply chain

The most common types of attack on the supply chain are the following:

• Software poisoning attacks: manipulation of the software development cycle by altering code, libraries or dependencies before the product reaches the end user.

• Hardware tampering: alteration of components during manufacturing or transportation to introduce malicious elements.

• Business process attacks: exploiting the relationship between a company and its suppliers or partners to introduce malicious content into seemingly legitimate activities.

Cyber altruism as a defense strategy

Unit 42 recommends adopting a series of protection measures: mapping all digital dependencies, identifying every supplier and connection; detecting weak links, identifying and fixing vulnerabilities before attackers do; and sharing security down the chain, i.e. extending tools, training and protection to smaller suppliers and contractors.

These measures should be part of a “cyber altruism” strategy, based on the pragmatic idea that large organizations should share security capabilities with their smaller suppliers, since they all share the same level of risk exposure.