Supply Chain Council of European Union | Scceu.org

SolarWinds Shines Spotlight on Supply Chain Risks

Predictions are often tricky, especially when it comes to cybersecurity. To make our vision of the future more accurate, we constantly monitor day-to-day trends to gain a better understanding of the current status of information security. Our analysis of incidents which took place between 2019 and 2020 led us to the conclusion that we would see increasingly sophisticated attack methods in the upcoming months.

This was especially true when it came to supply chain attacks. This type of cyberattack seeks to damage an organization by targeting less secure elements of the supply chain. Successful supply chain exploits over the last two years have made many businesses think twice about the number of providers they work with and how secure they really are.

The attacks take many forms, too. Some appear through software while others strike via firmware and hardware. Regardless, they are usually very sophisticated and destructive, as we saw with ExPetr, the CCleaner incident, and the campaign dubbed Operation ShadowHammer. More are emerging every year.

The end of 2020 saw this trend emerge once again. In December, FireEye published important details of a newly discovered supply chain attack, which was considered by some the hack of the year. An unknown attacker, referred to as UNC2452, planted the Sunburst Backdoor malware in SolarWinds’ Orion IT software. In parallel, Volexity published an article with its analysis of related attacks, attributed to an actor named Dark Halo.

The supply chain attack was designed in a very professional way, with a clear focus on staying undetected for as long as possible. For instance, before making the first internet connection to its servers, the Sunburst malware lay dormant for a long period – up to two weeks – to prevent easy detection of its behavior in sandboxes.

Another trait that sets this case apart from others is its peculiar victim profiling and validation scheme. Through the SolarWinds Orion IT packages, the attackers reached around 18,000 customers, according to the SolarWinds alert. According to our threat intelligence data, the victims of this sophisticated supply chain attack were located all around the globe: the Americas, Europe, Middle East, Africa and Asia.

With this level of sophistication and scale, the SolarWinds incident is yet another reminder of how necessary it is to stay protected against the most cunning forms of attacks. Because supply chain attacks will continue to evolve and strike in 2021, addressing vulnerabilities among suppliers and partners should become one of the top-priority tasks for CISOs this year.

This includes not only making sure that your supply chain is resilient and your security perimeter is safe, but also recognizing that no single vendor has complete visibility into the activities of all threat actors. To compensate for this, the better access you have to the latest threat intelligence, the better prepared you will be.


Copyright © 2021 IDG Communications, Inc.
