DS Total

This post is aimed at understanding the specific risks associated with supply chain attacks and how you can best protect yourself against them. It gives a broad overview of supply chain attacks, including:

  • The history of supply chain attacks
  • Targets of supply chain attacks
  • The relevant technologies used to attack supply chains and how they work
  • The impact and mitigation strategies for each target of supply chain attacks

What is a Supply Chain Attack?

A Supply Chain Attack is a form of malware or unauthorized access to the information contained within a computer system that compromises the ability of an organization’s systems to function correctly. An organization can be attacked by either a large-scale or small-scale attacker. A large-scale attack occurs when attackers have access to an organization’s data store and can cause significant damage by exploiting vulnerabilities in the organization’s software systems. A small-scale attack occurs when attackers have access to only limited information about an organization’s systems and therefore cannot cause significant damage by exploiting vulnerabilities in those systems. The combination of these factors can result in a large-scale or small-scale attack on an organization.

For example, a large-scale attacker might compromise a company’s network infrastructure while it was installing updates on its operating system, resulting in the attacker gaining administrative privileges over all computer systems on the network as well as enabling them to execute any code they want (such as rootkits). This would allow them to install malicious software onto all computers using that network infrastructure, potentially enabling them to run other malicious code on other networks as well as take control over other computer networks around the world (such as routers) en masse.

How Do Customers Get Their Turnkey Software Upgrades?

When software vendors ship updated versions of their products, what do customers do with them? They upgrade from one version or release candidate (RC) version to another. But this isn’t always possible; sometimes updating requires doing additional work outside the scope of what customers may want (e.g., building appliance images, modifying configuration scripts, etc.). It also doesn’t matter if it’s new product development based on new features or just bug fixes – customers can’t always be trusted with more than one update at a time. So what’s a vendor to do?

What Is The Impact?

Supply chain attacks are a growing concern for organizations of all sizes and industries. A supply chain attack is an incident where malicious actors – typically affiliates of a foreign government – take advantage of weaknesses in a company’s supply chain to gain access to sensitive information or financial data.

There are two types of supply chain attacks: physical and cyber-based. Physical attacks involve the weaponization of physical assets such as equipment, vehicles, buildings, and other physical assets. Cyber-based attacks use electronic threats to gain unauthorized access to computers or networks related to the company’s supply chain. In either case, criminals can steal information or cause damage through the use of malware or other malicious code.

In any type of attack, attackers are not only trying to get into one’s organization but also into one’s internal operational systems and networks by using malware that they can sell on the black market or as ransomware (a type of malware capable of encrypting files on your computer). This is one reason why you need to have a secure software supply chain that is protected from any potential threat coming in from outside your organization.

Why are they difficult to defend against?

In this essay, we’ll take a deep dive into the complexity of protecting the software supply chain to secure the cloud. We’ll look at how organizations can protect their cloud assets as well as how they can defend against attacks on their software.

First, we’ll start with a brief introduction to integrated security in 5 key areas:

  • Attacking and defending your Software Supply Chain
  • Assessing and Defending Your Software Infrastructure
  • Defending Against Attacks Targeting Data in the Cloud
  • Protecting Hosted Applications from Attackers on the Internet, in Public Clouds and Private Clouds
  • Leveraging advanced analysis for log management and incident response

The SolarWinds attack

In the wake of a recent massive data breach at one of the world’s largest IT companies, SolarWinds, we were able to uncover an impending attack that was only hours away from hitting the organization. We needed to take a deeper look at the behaviour of this attack and its impact on supply chain security. It was our analysis of this attack which led us to develop SolarWinds’ new secure software delivery platform Secure Software Delivery.

Other significant supply chain attacks

Both hackers and cybercriminals are looking for ways to take control of enterprises’ supply chains. The recent Sony hack was a classic example, as a group known as the EternalBlue exploit was used to breach Sony’s network.

In this article, we examine how attackers are finding new ways to attack organizations’ supply chains, and we also look at the changes in design that security threats are making to defend against them.

How the right choice of hardware can help you defend against supply chain attacks

Choosing Unit 42 against cyber risks is the best strategy to defend your systems against supply chain attacks. Unit 42 is a leading, response-ready threat intelligence team assuring the digital security of your system. With the integrated cyber risk expertise of Palo Alto Networks, Unit 42 has become the most up-to-date and robust threat intelligence to help you protect your supply chains and other systems from digital threats and cyber attacks.

During a Red Team exercise commissioned by a Palo Alto Networks customer, Unit 42 researchers were able to masquerade as malicious developers with limited access to an organization’s Continuous Integration (CI) environment and attempt to gain administrative rights to the larger cloud infrastructure. This operation demonstrated how a malicious insider could harvest a CI repository and gain access to sensitive information.

  • The Unit 42 team was able to download every GitLab repository from the customer’s cloud software storage location. This allowed them to identify nearly 80,000 individual cloud resources within 154 unique CI repositories.
  • Within the repositories, researchers found 26 hardcoded IAM key pairs. This allowed them to escalate their privileges and access the customer’s supply chain operations.
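
A defensive check for the hardcoded key pairs described above, as an added example that is not from the original post or from Unit 42: it scans repository text for access key IDs that have a high-entropy secret nearby. It assumes AWS-style key formats, which the post does not specify; the function names, thresholds and sample files (built from AWS's published documentation placeholder keys) are constructed for illustration.

```python
import math
import re
from collections import Counter

# Assumption: AWS-style credentials (the post does not name the provider).
# Access key IDs: AKIA (long-term) or ASIA (temporary) + 16 characters.
KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# Secret access keys: a stand-alone run of exactly 40 base64-alphabet characters.
SECRET = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")

def entropy(s):
    """Shannon entropy in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def find_key_pairs(files, window=3, min_entropy=4.2):
    """Scan {path: text}; flag key IDs and whether a likely secret is within `window` lines.

    min_entropy=4.2 rejects 40-character hex strings such as commit hashes,
    whose entropy cannot exceed 4.0 bits per character. Secrets are never returned.
    """
    findings = []
    for path, text in files.items():
        lines = text.splitlines()
        for i, line in enumerate(lines):
            for match in KEY_ID.finditer(line):
                nearby = "\n".join(lines[max(0, i - window): i + window + 1])
                paired = any(entropy(s) >= min_entropy for s in SECRET.findall(nearby))
                findings.append({"path": path, "line": i + 1,
                                 "key_id": match.group(0), "paired": paired,
                                 "severity": "high" if paired else "review"})
    return findings

# Constructed sample repository contents (documentation placeholder keys only).
SAMPLE_REPO = {
    "deploy/.gitlab-ci.yml": (
        "variables:\n"
        "  AWS_ACCESS_KEY_ID: AKIAIOSFODNN7EXAMPLE\n"
        "  AWS_SECRET_ACCESS_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
    ),
    "docs/notes.md": "rotated AKIAIOSFODNN7EXAMPLE in commit "
                     "3f2a9c1e8b7d6a5f4e3d2c1b0a9f8e7d6c5b4a39\n",
    "src/app.py": "import os\nkey = os.environ['AWS_ACCESS_KEY_ID']\n",
}

if __name__ == "__main__":
    for finding in find_key_pairs(SAMPLE_REPO):
        print(finding)
```

A finding marked `high` is a complete key pair and should be rotated at once; `review` means only the key ID appeared, which still reveals which account the key belongs to.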


The names of these attacks are easy to remember, and they have been exploited before. The problem is that even with the same name, they are quite different. To better understand these attacks, we need to look beyond the way they happen and look at the way they are used by attackers to get a better understanding of their goals.

