S
Supply Chain Attack
A cyberattack that targets less-secure elements in a supply chain to compromise the primary target through trusted relationships.
What is a Supply Chain Attack?
A supply chain attack targets less-secure elements in a supply chain to compromise a primary target. By attacking vendors, suppliers, or third-party software, adversaries can reach many downstream targets through a single compromise.
Types of Supply Chain Attacks
Software Supply Chain:
- Compromised software updates
- Malicious open-source packages
- Infected development tools
- Code repository attacks
Hardware Supply Chain:
- Tampered hardware components
- Counterfeit devices
- Modified firmware
- Backdoored chips
Service Supply Chain:
- Compromised managed service providers
- Attacked cloud services
- Breached vendors with access
Notable Incidents
- SolarWinds (2020): Malicious update affected 18,000+ organizations
- Kaseya (2021): MSP software used to deploy ransomware
- 3CX (2023): Desktop app compromised in supply chain attack
- CodeCov (2021): CI/CD tool breach exposed secrets
Mitigation Strategies
- Vendor risk assessment
- Software composition analysis
- Code signing verification
- Network segmentation
- Zero trust architecture
- Continuous monitoring