Vulnerabilities in an organization’s supply chain affect the service that the organization provides to the end user. This disruption commonly stems from a vulnerability in the supplier’s application code as a result of poor coding practices. Threat actors can target vulnerabilities in the supply chain to cause havoc for organizations that have the supplier’s software installed in their network.
SolarWinds, a provider of system management tooling for network and infrastructure monitoring, was breached in September of 2019, affecting more than 30,000 public and private organizations. By implanting malicious code in the software, the bad actors were able to create a backdoor into customer environments. In the multi-year attack, the threat actors were able to inject malicious code, undetected, into the software that was rolled out to customers in an update on March 26, 2020. The advanced persistent threat actors are thought to have originally targeted SolarWinds’ government customers, making other customers collateral damage rather than the main target of the attack.
During the holiday season of 2013, Target fell victim to one of the largest recorded security breaches to date, affecting over 70 million customers in 47 of the 50 states. The attack originated with a third-party vendor of Target’s, Fazio Mechanical, a refrigeration contractor. It is through this third party that the attackers were able to gain access to Target’s servers. Fazio had been given access to Target’s systems for electronic billing, contract submission and project management. This access gave the threat actors, who had originally compromised the Fazio Mechanical network, the credentials needed to access Target’s systems themselves.
First and foremost, to protect against a supply chain attack, organizations must understand and assess their suppliers’ networks. Whenever network access is requested by a third-party service provider, organizations need to understand the ins and outs of the request and the provider prior to granting access.
By asking these questions and more, you will be able to understand the risks associated with the third-party supplier and determine whether it is an appropriate risk to take on. Arguably most importantly, it is imperative to include your third-party suppliers in your incident response plan and understand what their response and remediation plans are if they fall victim to a breach. This way, roles and responsibilities are clearly understood and expectations are set prior to an incident, so that you can hold suppliers accountable in the heat of a crisis.
At Conceal, we help organizations mitigate risk introduced through the supply chain with a keen focus on protecting data and applications by creating an air gap between you and your vendors. Vulnerabilities in third-party providers’ processes and software can become a conduit for cyber criminals to hop from your partner’s environment to your network. This lateral movement can be more challenging to detect, presenting a significant risk to supply chain activities. Through the use of zero-trust hosting and access provided by ConcealCloud, applications are air gapped from the internet as well as from your network and your partners’ networks. This zero-trust model also eliminates the possibility for a bad actor to access your network by exploiting vulnerabilities present in your partner’s ecosystem, neutering their ability to move laterally onto your network. By removing direct network access to infrastructure, ConcealCloud eliminates the ability to remotely exploit critical flaws like those exposed by vulnerable third-party software.