Supply Chain Attacks are A New Focus for Cybercriminals
IT administrators need to be aware that supply chain attacks are a new focus for cybercriminals. As most organizations purchase components from third parties to build their own infrastructure, this can pose a risk through the introduction of malware and other vulnerabilities. Attackers gain an advantage in accessing data. Supply chain attacks are on the rise.
Supply Chain
When components are manufactured in countries such as China, the costs can be cut down. It is this element that can be cost effective when building motherboards and routers by local technology builders. The are then shipped to customers. However, it is at this point that any malicious component added to the hardware is left unchecked. This new installed malicious equipment informs the attackers that the backdoor is now open for entry.
Attackers are able to eavesdrop on data, scan networks, steal passwords, install malware or more, giving the state sponsored threat actors remote control of the local system. Data routed through routers and servers, which are the two primary targets for supply chain attacks allows the attackers to have access to a plethora of the organizations information. This can include company secrets, intellectual property, sensitive data or indeed, anything that is passed on the network, making it highly sought after.
Servers offer an alternative advantage for attackers, because they permanently store data, files and configurations, which the attacker can then take control of for its own misdeeds. There are very few systems in place that offer protection from malicious components that are already integrated with the system. Anti malware is not written to detect malicious components that are already integrated.These components can avoid detection by integrating with the operating system and running on the kernel layer.
IT Administrators Need To Protect Against Supply Chain Attacks
Most IT administrators run tests on new equipment to check against bugs or defects and that it runs smoothly. However, security needs to be a priority when running tests, such as penetration testing. Motherboard layouts can be read by engineers to ensure that no additional components are installed. Corporations using equipment from third parties can help reduce risk by knowing their supply chain and understanding where hardware is manufactured and built.
Identifying any unusual patterns of activity through penetration tests can be done. Backdoors might send data back to the attacker to let them know the system is ready for exploitation. Running a system in a safe environment with network analyzers and server monitors can help identify these attacks.
It is important for all organizations to fully test their equipment prior to installation.
