Digital scare to supply chain: Software supply chain security is a critical component of overall cybersecurity – Opinion News | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

By Shrikrishna Dikshit

There has been a rise in the number of cyberattacks by exploiting inadequacies in the security controls around the software supply chain. Adversaries are using sophisticated techniques and exploiting vulnerabilities within supply chains in unprecedented ways. This uptick highlights the pressing need to bolster security protocols throughout the software supply chain.The primary motive for cyber adversaries to mount attacks of any nature is to gain access to sensitive and confidential information that they may then misuse to coerce organisations for financial gains or leak it on the dark web.

The most recent instance of data leakage that gained attention is the boAt incident in which data of over 7.5 million customers was leaked. Specific details of the breach are unknown at this point of time and the root cause of the incident is yet to be determined. The incident, however, highlights the importance of ensuring that customer data is secured via comprehensive security controls, which not only include controls in the individual organisation’s context but also adequate measures to safeguard the supply chain from any potential risks.

This has become even more crucial, following the enactment of the Digital Personal Data Protection Act in 2023.Over the past few years, there have been many instances of cyber adversaries targeting the supply chain. The most famous one was the SolarWinds breach in 2020, when hackers compromised the American firm’s software updates, granting them backdoor access to thousands of companies and government agencies. Another incident occurred in 2023 — Okta, a company which provides identity and access management, was breached, leading to the disclosure of sensitive tokens.

These were used for breaches in a software company, Cloudflare.The most recent instance, which was uncovered in late March, was the attack on the XZ Utils backdoor. XZ Utils is a vital data compression tool widely integrated into Linux distributions. There are several Linux versions that have been affected by the vulnerability. The backdoor may lead to unauthorised system access, denial-of -service, and data tampering/exfiltration.Strategies for defenceWhile the rise in these attacks is unprecedented and disconcerting, certain strategies are available for organisations to remain vigilant and proactive. Conducting thorough risk assessments of third-party vendors and suppliers is essential to identify potential vulnerabilities and evaluate their security posture.

They should also implement robust vendor management processes, including due diligence checks, security assessments, and contractual agreements that outline security requirements and responsibilities.Adhering to cybersecurity best practices, such as regular security updates and patches, strong authentication mechanisms, and employee awareness training to reduce the likelihood of successful attacks should be inculcated in regular practice. This can be supported by providing ongoing cybersecurity awareness training to employees, contractors, and third-party vendors to educate them about the risks of supply chain attacks and how to recognise and report suspicious activities.  On the organisation’s side, collaborating with trusted third-party security firms or internal teams to perform these tests, ensuring a thorough and objective evaluation of security controls and incident response capabilities, can be adopted.

Moreover, implementing secure software development practices, including secure coding standards, code reviews, and vulnerability assessments, to mitigate the risk of supply chain attacks through compromised software components or libraries will complete this process.Overall, a zero-trust approach to security must be embraced, which assumes that no entity, whether inside or outside the organisation’s network, should be trusted by default. A comprehensive business continuity and disaster recovery plan should be in place that accounts for supply chain disruptions.Power of collaborative defenceIt is extremely important to collaborate with other organisations and entities to effectively mitigate the risks associated with supply chain attacks like the one affecting XZ Utils.

The organisation must identify and nominate individuals to actively participate in the security community. Communities bring together diverse perspectives, experiences, and expertise from various stakeholders, including cybersecurity professionals, researchers, vendors, and users. By sharing knowledge and insights, the community can collectively identify emerging threats, vulnerabilities, and best practices for mitigating supply chain risks.A collaborative community can serve as an early warning system for supply chain attacks, enabling rapid detection and response to emerging threats. By sharing threat intelligence and indicators of compromise, community members can help each other identify and mitigate supply chain attacks before they cause widespread harm.

Lessons learnedThe incident of supply chain attacks, such as the one affecting XZ Utils, underscores several key lessons that organisations and the cybersecurity community can learn. Organisations must recognise the inherent risks associated with third-party vendors, suppliers, and software dependencies in their supply chain. This incident highlights the potential for attackers to exploit vulnerabilities in trusted software components, underscoring the need for heightened awareness and proactive risk management strategies.

Software supply chain security is a critical component of the overall cybersecurity posture. Organisations must prioritise the security of software components and dependencies, including rigorous vetting of third-party vendors, regular security assessments, and secure software development practices. Traditional security measures may not be sufficient to detect and mitigate supply chain attacks effectively. Organisations must invest in advanced threat detection and response capabilities, including real-time monitoring, threat intelligence analysis, and incident response readiness, to detect and respond to supply chain attacks promptly.

Engaging in pre-emptive detection and response to possible breaches via penetration testing, red team assessment, breach attack simulations, etc. is important to continuously review the effectiveness of the organisation’s security controls. Collaboration within the cybersecurity community is essential for addressing supply chain attacks effectively. Organisations should actively participate in industry alliances, and other community-based initiatives to share threat intelligence, best practices, and lessons learned to collectively strengthen defences against common adversaries and tactics.
With inputs from Asif Balasinor, associate director, Nangia Andersen

Shrikrishna Dikshit, Partner-Cyber Security, Nangia Andersen India


Click Here For The Original Source.

National Cyber Security