Word Notes 2.9.21
Ep 36 | 2.9.21

supply chain attacks (noun)


Rick Howard: The word is: supply chain attacks.

Rick Howard: Spelled: supply as in to furnish, chain is in a series of objects, and attacks as in to set upon in a hostile or aggressive way.

Rick Howard: Definition: Also known as a third-party attack or a value-chain attack, advisory groups gain access to a targeted victims network by first infiltrating a business partner's network that has access to the victim's systems or data.

Rick Howard: Example sentence: Supply chain attacks expose the following gap in a company's cyber defenses, an organization's defensive controls are only as strong as those of the weakest links in the supply chain.

Rick Howard: Origin and context: One key step to the intrusion kill chain model occurs when cyber adversaries seek to compromise an initial endpoint in order to establish a beachhead somewhere within the victim's network. From there, they can conduct follow-on operations like privilege escalation, lateral movement, or data exfiltration. But establishing the beachhead is key. The adversaries can either go directly at the victim or they can come sideways by first compromising a partner's network that has access. One of the first known supply chain attacks was the breach of the Target retail chain in 2014. The attackers first compromised Target's HVAC vendor, Fazio Mechanical Services, and used their accounts to legitimately log into the Target's infrastructure. The attackers were able to steal personal identifiable information, or PII, and financial information impacting 70 million customers and 40 million debit and credit cards. The SolarStorm adversary campaign is a recent supply chain attack where the hackers compromised the software update mechanism of the SolarWinds Orion network management platform. 18,000 SolarWinds customers legitimately downloaded the software that contained the backdoor code that allowed the adversary group UNC2452 to use it as a beachhead.

Rick Howard: Nerd reference: According to David Sanger, in his 2018 Cybersecurity Canon Hall of Fame book, "The Perfect Weapon: War, Sabotage and Fear in the Cyber Age," President Bush authorized a SolarStorm-styled attack campaign codenamed "Operation Quantum" against the Chinese firm Huawei. Huawei is a multinational technology company headquartered in Shenzhen, China, that designs, develops and sells telecommunications equipment and consumer electronics worldwide. The US-designed Operation Quantum to be a multi-pronged cyber operation, to "bore a way deep into Huawei’s hermetically sealed headquarters, crawl through the company's networks, understand its vulnerabilities, and tap the communications of its top executives." They wanted to "exploit Huawei’s technology so that when the company sold equipment to other countries, including allies like South Korea and adversaries like Venezuela, the NSA could roam through those networks unopposed."