The SolarWinds attack was a pivotal moment for cybersecurity, proving that sophisticated threat actors could breach an organization through their trusted security supply chain. (1) The recent Qualys attack — in which cybersecurity firm Qualys suffered a data breach due to a zero-day vulnerability in a third-party tool — serves as another reminder that the idea that “trusted = safe” is a fallacy.(2)
In fact, it is not just the security supply chain at risk, but any software that attackers can use to breach your organization, especially software applications that both contains sensitive data and automatically updates.
Traditionally, the supply chain refers to every component involved in delivering a product, from production to distribution, and everything along the way that affects the end consumer from receiving it.
However, the world runs on software now. From the computers we use at work to our mobile devices, connected homes, and IoT — we’re powered by code. The digital supply chain is anything that touches that code from development to production and updates and enhancements. It includes version releases, known vulnerabilities, and security controls. It even has other software running on the same infrastructure the applications are running on.
This means that digital supply chain risks are inherited from an organization’s dependencies, which are pervasive. Adversaries can inject malicious code through auto-updates, poison a network with clandestine malware through a backdoor, or use any number of ways to breach an organization. If the infrastructure used to deliver the software or the software itself is breached, the damage is done. An organization has to deflect every attack; a bad actor only needs to succeed once.
Organizations today rely on hundreds if not thousands of software suppliers, and users are continually consuming and updating that software. Digital supply chain security includes protecting all of that third-party software and externally sourced applications. This starts with gaining control and visibility over your entire organization.
How ThreatWarrior Protects the Digital Supply Chain
ThreatWarrior was natively built to help you better protect your supply chain. Our digital supply chain protection capabilities identify known threat signatures and anomalies in your digital supply chain, including in your other critical software applications and security tools.
The growing digital supply chain introduces new vulnerabilities to your organization, and auto-updates can further increase the threat surface. ThreatWarrior reveals any anomalous behavior or suspicious updates, and identifies malicious communication between your environment and outside entities.
Additionally, ThreatWarrior protects your network while remaining invisible to threat actors. As demonstrated in the SolarWinds attack, sophisticated threat actors can design their malware to lie dormant on a victim’s network to avoid being observed by security analysis tools, with the goal of activating later to evade detection. Every security tool visible on the network is not only ineffective, it’s a target.
Many cybersecurity strategies and practices were created in a time when organizations still believed they could trust their vendors and third-party applications. Today, we know that “only using trusted vendors” does not make your network secure. Trusted vendors, even cybersecurity vendors, can be used to leverage attacks against an organization. Just because a solution is already deployed inside an enterprise does not make it immune to compromise.
SolarWinds and Qualys are not the only cyberattacks to leverage the digital supply chain, and we’ll certainly see more of this type of attack. The hyper-connected digital supply chain requires more attention than ever to secure and security models must adapt to reflect that. It’s time for organizations to rethink their security strategies.
Learn how to execute digital supply chain protection with network detection and response solutions from ThreatWarrior from constantly-evolving cyber threats.