September 20, 2022
Cybercriminals are compromising digital identities to target weak points in the digital supply chain.
No organization is an island. Even the smallest business relies on a network of partners and vendors to generate value for customers. Each of these groups represents a link in the digital supply chain responsible for creating that value.
For large institutions and enterprises, these links form a complex surface area with a risk profile that is hard to quantify. Every third-party tool and privileged external user represents a potential attack vector, yet few security solutions are equipped to take a holistic perspective of that risk.
Examine Risk in the Digital Supply Chain
In today’s hyper-connected, cloud-enabled enterprise environment, an attack on one organization can quickly expand into an attack on many. The 2021 Kaseya attack is a high-profile example of what can happen when the digital supply chain is compromised – cybercriminals ultimately held more than 1000 companies ransom in a single maneuver.
The average company negotiates and manages more than 100 software contracts. Large enterprises may have five times that number. Each of these contracts comes with its own set of privileged users, with unique access points and security policies. Attackers who successfully compromise those user accounts may gain immediate access to sensitive data and systems on your network – alongside many others.
Frequently, attackers explore supply chain attack vectors alongside persistent direct attempts, hoping to eventually catch an employee or user off-guard. Social engineering tactics are a common element of persistent supply chain attacks. Attackers spend time mapping out third-party supply chains and looking for weak links in the chain – enterprise security leaders should be doing the same thing.
Often, those weak links correspond to employee, partner, and executive user accounts. Compromising one element of an individual’s digital identity, like their social media account or email, can quickly lead to a security collapse downstream.
Automation-Friendly Technological Exploits Are Increasingly Popular
When it comes to carrying out supply chain attacks, cybercriminals have a variety of technological exploits to choose from. Additionally, they are constantly improving their tactics to overcome new security best practices.
For example, large-scale phishing campaigns can provide attackers with enough data to carry out highly targeted adversary-in-the-middle (AiTM) attacks that lead to business email compromise. Some versions of the AiTM attack method can successfully circumvent dual-factor authentication by stealing the cookie data of an already-authenticated session.
AiTM phishing is not new, but it is being used in new ways. In the AiTM phishing example given above, attackers don’t even need to create their own spoofed phishing pages – they simply proxy HTTP traffic between the victim and the original site. This streamlines the entire attack process so attackers can target tens of thousands of users at once.
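On the defender's side, a stolen session cookie tends to show up as one session being presented by a client other than the one that completed MFA. The following is an added example, not part of the original article, of that check run over identity-provider events; the event field names and the sample records are assumptions constructed for illustration.

```python
# Constructed sample events (not real logs). Field names are assumptions,
# loosely modelled on what an identity provider might forward to a SIEM.
EVENTS = [
    {"ts": 100, "user": "alice", "session": "s1", "ip": "198.51.100.7",
     "ua": "Firefox/104", "type": "mfa_success"},
    {"ts": 160, "user": "alice", "session": "s1", "ip": "198.51.100.7",
     "ua": "Firefox/104", "type": "request"},
    {"ts": 220, "user": "alice", "session": "s1", "ip": "203.0.113.50",
     "ua": "Chrome/105", "type": "request"},
    {"ts": 300, "user": "bob", "session": "s2", "ip": "192.0.2.10",
     "ua": "Chrome/105", "type": "mfa_success"},
    {"ts": 900, "user": "bob", "session": "s2", "ip": "192.0.2.10",
     "ua": "Chrome/105", "type": "request"},
    {"ts": 950, "user": "carol", "session": "s3", "ip": "203.0.113.9",
     "ua": "Edge/105", "type": "request"},
]


def find_cookie_replay(events):
    """Return findings for sessions used by a client (IP, user agent) that
    differs from the one that completed MFA, or with no MFA event on record."""
    auth_client = {}   # session id -> (ip, ua) seen at MFA time
    seen = set()       # (session id, client) pairs already evaluated
    findings = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        sid, client = e["session"], (e["ip"], e["ua"])
        if e["type"] == "mfa_success":
            auth_client[sid] = client
            continue
        if (sid, client) in seen:
            continue   # one finding per session/client pair
        seen.add((sid, client))
        if sid not in auth_client:
            reason = "no_auth_event_seen"   # lower confidence: log gap or replay
        elif client == auth_client[sid]:
            continue                        # same client that authenticated
        else:
            ip_changed = client[0] != auth_client[sid][0]
            ua_changed = client[1] != auth_client[sid][1]
            reason = ("ip_and_ua_changed" if ip_changed and ua_changed
                      else "ip_changed" if ip_changed else "ua_changed")
        findings.append({"user": e["user"], "session": sid,
                         "reason": reason, "ip": e["ip"]})
    return findings


if __name__ == "__main__":
    for finding in find_cookie_replay(EVENTS):
        print(finding)
```

Legitimate network changes (VPN, mobile roaming) also trigger `ip_changed`, so treat it as a signal to correlate rather than a verdict. When the login itself passed through the proxy, the MFA-time address already belongs to the proxy, so this check should be paired with a comparison against each user's usual sign-in locations.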
How Security Leaders Can Address Digital Supply Chain Risks
Identity management is as much a cultural issue as a technological one, but it can’t be effectively addressed without the right tools. Enterprise information security tech stacks must include the capability to capture, analyze, and respond to suspicious activities on privileged user accounts. Cybercriminals are automating their attack capabilities and security leaders must do so too.
Security information and event management (SIEM) solutions offer critical value in this use case. New and emerging technologies may dramatically impact the effectiveness and cost of these solutions in the near future.
For example, enterprise IT teams can save a great deal of time and money using automation to verify important elements of a third-party user’s digital identity. This requires collecting and verifying log data but could also mean authenticating the supplier’s credentials and certificates while ensuring the assets they represent (products, components, or services) are genuine.
Traditionally, part of this responsibility falls on centralized third parties providing know-your-customer services. Decentralized solutions that rely on blockchain technology are under active research by institutions, government agencies, and enterprise organizations around the world.
Prioritize Information Security When Building Out Your Tech Stack
Enterprise leaders need to make sure that information security is a top priority when implementing cloud technologies and SaaS solutions. These technologies must be evaluated not only on their ability to address specific pain points, but also on their security impact. If every company role is now a cybersecurity role, it stands to reason that every partnership is also a cybersecurity partnership.
Start securing your organization’s digital supply chain with the help of Castra's expertise and guidance.