Article written and provided by Armis. 

What is a Supply Chain Cyber Attack?

A supply chain attack is a type of cyber-attack that aims to harm an organization by targeting vulnerable elements in the supply chain. These attacks can occur in any industry and can involve software or hardware manipulation. Criminals often introduce malware or spying components during the manufacturing or distribution of a product.

Typically, the term supply chain attack refers to the physical tampering of electronics, such as computers, ATMs, power systems, and factory data networks, in order to install undetectable malware for the purpose of causing harm to an organization further down the supply chain network. However, it is important to note that the term can also refer to non-cyber attacks on physical supply networks that do not rely on technology, such as the theft of $80 million worth of prescription drugs from a pharmaceutical warehouse. This article will focus on cyber-attacks on physical supply networks that rely on technology, a method used by cybercriminals.

Examples of such attacks include the Target security breach, Eastern European ATM malware, and the Stuxnet computer worm. To prevent these types of attacks, supply chain management experts advise organizations to have strict control over their supply networks.

Why is the Supply Chain Vulnerable to Cyberattacks?

Supply chain attacks pose a significant risk to modern organizations and can affect industries beyond the information technology sector, including oil, retail, pharmaceuticals and any industry with a complex supply network.

The Information Security Forum highlights that the risk from supply chain attacks is due to the sharing of information with suppliers. This sharing is essential for the supply chain to function but also creates risk, as information compromised in the supply chain can be just as damaging as information compromised within the organization. Additionally, the trend of globalization has increased the number of exposure points, making it more likely for a cyber-attack to occur, as there are more entities involved and they are often scattered around the globe. Poorly managed supply chain management systems can make organizations vulnerable to cyber-attacks, resulting in the loss of sensitive customer information, disruption of the manufacturing process, and damage to a company's reputation.

The use of modern technology such as beacons, sensors, and inventory robots is revolutionizing the manufacturing industry, but it also increases the potential areas for attackers to target.

The Internet of Things (IoT) is a network of interconnected devices that communicate via the Internet. The industrial IoT (IIoT) applies similar concepts and technologies to industrial settings such as factories, logistics, and supply chains. These IIoT devices and systems are used to control and operate critical infrastructure, such as power and gas supplies, nuclear power plants, oil refineries, and traffic management systems.

As these infrastructures are essential for providing goods and services and protecting human safety, they are prime targets for cybercriminals. Additionally, the operational technology (OT) components that operate these systems are often connected to information technology (IT) networks, providing an avenue for cybercriminals to pivot from IT to OT networks.

Many companies in the Industry 4.0 era rely on machine-to-machine communication, automation, analytics, the cloud, and machine learning to power new business models. Examples of such technology include predictive maintenance, smart manufacturing and robotics capabilities.

How to Prevent Supply Chain Attacks

Businesses must secure their critical systems by identifying and eliminating vulnerabilities, protecting against advanced threats and implementing compensating controls as quickly as possible. Unfortunately, many ICS networks still rely on outdated technology or hardware that is not compatible with current security controls and access management systems, leaving them vulnerable to malicious attacks.

To prevent these types of attacks, the first step is to identify all devices throughout your entire organization, including your supply chains and factories, so that you can secure them.

With Armis, you can identify, categorize, and gain comprehensive information about all of the assets in your operational technology and information technology systems, including SCADA, PLCs, DCS, servers, laptops, IP cameras, and badge readers, with high precision using the Armis Device Knowledgebase, the largest crowd-sourced device knowledge base available in the cloud.

You can also visualize all existing and potential connections between your devices and segments, including those to unmanaged devices, rogue networks, and unauthorized communication channels. A Purdue model-based organization of your environment assists in the design and evaluation of your network segmentation strategy.

Armis also gives you the ability to observe the activity and state of all devices on your network without interruption and easily detect devices that deviate from their established normal behavior. A device that is not functioning properly may be affected by a configuration error, a policy violation, or abnormal actions such as abnormal connection requests or abnormal software running on the device. You have the option to set up automated notifications to simplify your response.

Importance of Cybersecurity in Supply Chain Management

With the growing sophistication of attack vectors and rising threats such as ransomware and insider threats, businesses must reinforce their security defenses to avoid disruptions to operations, which could lead to costly downtime and failures of critical services.

In 2020, IT software company SolarWinds experienced a supply chain attack on its Orion platform. The advanced persistent threat attack enabled hackers to infiltrate the company's systems and also gain access to customer networks, including various government agencies such as the Department of Defense, the Department of Justice and the Department of Homeland Security.

In July 2021, IT solutions provider Kaseya was also targeted in an attack where hackers used a vulnerability in its software to launch ransomware into the company's supply chain. It is reported that this attack resulted in the closure of 800 Swedish supermarkets, and that around 1,000 businesses had their servers and workstations encrypted.

In February 2022, a cyberattack on commercial satellite services in Ukraine caused electricity-generating wind farms to shut down across central Europe. 
