Security Breach: Supply Chain Attacks Continue to Haunt Cyberspace
Although not an entirely new phenomenon, the number of Supply Chain Attacks has increased considerably over the past couple of years. Recently, Forbes’ subscription page, Picreel, and Cloud CMS each suffered a security breach by Magecart, all in less than a week’s time.
Cloud CMS is an Enterprise Content Management System used by several businesses, and its customer information was targeted. Forbes magazine needs no introduction, while Picreel is a service provider that helps study user behavior.
The Forbes-Picreel link
Apparently, Forbes is a customer of Picreel, which was already “affected” by malicious code. That paved the way for speculation that the two incidents were related; however, Picreel’s recent comment put an end to it.
Picreel has recently confirmed that none of its customers’ details were divulged during this attack. The leading analytics service provider further stated that no customer data was lost due to the malicious code inserted into its JavaScript snippet. This refers to the snippet that Picreel’s clients install on their websites to enable Picreel’s services.
The spokesperson for Picreel also clarified that the company had a strong security mechanism in place, due to which the vulnerability was detected in its early stages. Upon detecting anomalies, Picreel’s servers reportedly triggered a security mechanism that prevented any sort of damage and internet security breaches. So, the services of Picreel were automatically deactivated when under siege. We decided to check the current status of Picreel’s website and, according to Google’s transparency report, the site appears safe.
Forbes’ Subscription mess
The Forbes subscription page was reportedly under a Magecart attack, which targeted the payment details of the magazine’s customers. Forbes has recently stated that none of its customers’ data was divulged during the attack and that it is “fairly confident” about this. Even so, Forbes has reportedly stated that it would be prudent for anyone who has recently transacted through its subscription page to check their financial statements for any sort of discrepancies.
What is a Supply Chain Attack?
Supply Chain Attacks are currently the most dreaded cyber threats: they can damage the reputation and goodwill of an organization and lead to a data security breach. They are a tool used for economic espionage, corporate wars and more.
In a supply chain attack, the threat actors look for the weakest link in an organization’s supply chain, then strategically plan and introduce vulnerabilities. The insidious influence and discreet nature of this form of cyber attack make it even more terrifying and hard to detect.
Recent Supply Chain Attacks
Super Micro Computers
Around October 2018, Super Micro Computers, which mass-produced motherboards used in servers, was targeted. It was discovered that threat actors had infiltrated these motherboards with “spy chips”, which were used to introduce vulnerabilities into the system.
A point to note is that this company is a Supplier for over 30 leading American companies, which included the top contenders for the Pentagon Cloud Contract. This led the American authorities to point fingers at the Chinese authorities, who later denied any involvement in the matter.
ASUS Live Update
On the other hand, the ASUS Live Update utility was infiltrated, and the company was further embarrassed when the miscreants also misused its digital signature. So the gravity of a supply chain attack depends on a company’s defense mechanisms, and damage can be prevented by detecting anomalies at the right time, as in the case of Picreel.
City Comp Says ‘NO’
Towards the end of April 2019, the data of CityComp, a German IT service provider, was allegedly breached by Team Snatch. City Comp maintains over 70,000 servers and has several high-profile clients such as Toshiba, Grohe, Airbus, and Porsche.
Team Snatch reportedly made use of a Twitter handle to declare its misdeeds. Subsequently, around 14th May 2019, Team Snatch’s Twitter account was removed. After that, the notorious group continued declaring its illicit accomplishments on its ‘.onion’ site.
Later, when City Comp refused to succumb to the group’s extortion demands, the miscreants reportedly released the data, which included customer information, on their ‘.onion’ site.
PokemonGo
This is yet another supply chain attack, which targeted Government websites, including the FBI’s very own website. Apparently, the data that the PokemonGo team threatened to release was the same that you’d find on a visiting card: the name, phone number, address and designation of law enforcement personnel.
The FBI couldn’t care less about it since it did not include any financial or sensitive data, and this juvenile attempt bore no fruit. Although the hackers began by demanding ransom, they also agreed to settle for the release of Peter Levashov, a Russian hacker who was arrested and extradited to the US, where he pleaded guilty and was sentenced. The exact motive or origin of PokemonGo is still unclear.
How to Prevent Cyber Security Breach on Supply Chains?
The appropriate plan of action for preventing security incidents from supply chain attacks depends upon the flow of information in an organization. The right way to start is by ensuring absolute transparency within the supply chain, which is not always easy. Testing the components used in the operating technology, wireless network, and IT network can also be of use.
Finally, in Supply Chain Attacks, the challenging part is to determine the intent of the attacker as every Supplier on the supply chain caters to more than one client. Also, a company’s immediate supplier may not always be the one responsible for all of its software and hardware components, which may be infiltrated to divulge sensitive information. Since a chain of suppliers is involved in the process, it creates gaps that the threat actors take advantage of.