Podcasts
Word Notes
Ep 36
Word Notes 2.9.21
Ep 36 | 2.9.21

supply chain attacks (noun)

Show Notes
Transcript

Rick Howard: The word is: supply chain attacks.

Rick Howard: Spelled: supply as in to furnish, chain is in a series of objects, and attacks as in to set upon in a hostile or aggressive way.

Rick Howard: Definition: Also known as a third-party attack or a value-chain attack, advisory groups gain access to a targeted victims network by first infiltrating a business partner's network that has access to the victim's systems or data.

Rick Howard: Example sentence: Supply chain attacks expose the following gap in a company's cyber defenses, an organization's defensive controls are only as strong as those of the weakest links in the supply chain.

Rick Howard: Origin and context: One key step to the intrusion kill chain model occurs when cyber adversaries seek to compromise an initial endpoint in order to establish a beachhead somewhere within the victim's network. From there, they can conduct follow-on operations like privilege escalation, lateral movement, or data exfiltration. But establishing the beachhead is key. The adversaries can either go directly at the victim or they can come sideways by first compromising a partner's network that has access. One of the first known supply chain attacks was the breach of the Target retail chain in 2014. The attackers first compromised Target's HVAC vendor, Fazio Mechanical Services, and used their accounts to legitimately log into the Target's infrastructure. The attackers were able to steal personal identifiable information, or PII, and financial information impacting 70 million customers and 40 million debit and credit cards. The SolarStorm adversary campaign is a recent supply chain attack where the hackers compromised the software update mechanism of the SolarWinds Orion network management platform. 18,000 SolarWinds customers legitimately downloaded the software that contained the backdoor code that allowed the adversary group UNC2452 to use it as a beachhead.

Rick Howard: Nerd reference: According to David Sanger, in his 2018 Cybersecurity Canon Hall of Fame book, "The Perfect Weapon: War, Sabotage and Fear in the Cyber Age," President Bush authorized a SolarStorm-styled attack campaign codenamed "Operation Quantum" against the Chinese firm Huawei. Huawei is a multinational technology company headquartered in Shenzhen, China, that designs, develops and sells telecommunications equipment and consumer electronics worldwide. The US-designed Operation Quantum to be a multi-pronged cyber operation, to "bore a way deep into Huawei’s hermetically sealed headquarters, crawl through the company's networks, understand its vulnerabilities, and tap the communications of its top executives." They wanted to "exploit Huawei’s technology so that when the company sold equipment to other countries, including allies like South Korea and adversaries like Venezuela, the NSA could roam through those networks unopposed."

Word Notes
Podcast Info
HOST(S):
Rick Howard
Rick Howard is the CSO of N2K and the Chief Analyst, and Senior Fellow at the N2K Cyber, formerly CyberWire. His past lives include CSO at Palo Alto Networks, CISO at TASC, the GM at Verisign/iDefense, the Counterpane SOC Director, and the Commander of the Army's Computer Emergency Response Team (CERT). Rick served 25 years in the Army, taught computer science at West Point, edited two books and just published his own book, "Cybersecurity First Principles: A Reboot of Strategy and Tactics" and he is regularly joined at the N2K Cyber's Hash Table by a collection of industry experts.
Schedule: Tuesdays
Creator: CyberWire, Inc.
ADVERTISEMENT
KnowBe4
KnowBe4

KnowBe4, the provider of the world’s largest integrated security awareness training and simulated phishing platform. KnowBe4 helps organizations address the human element of security by raising awareness of social engineering tactics through a new-school approach to security awareness training. Learn more at KnowBe4.