Supply Chain Attack


What is a Supply Chain Attack?

Definition and Purpose

Supply chain attacks are cyberattacks that target vulnerabilities in the supply chain of a product or service to compromise a larger organization. Instead of directly attacking the target, attackers exploit weaknesses in third-party vendors or partners to gain access to the target's systems or data. These attacks can involve malicious code injection, hardware tampering, or other methods to compromise the supply chain.

Attacks on the rise

Supply chain attacks are rising (up 430%) as attackers target weaker links outside hardened enterprise environments. Types include:

  • Upstream server attacks: Infect systems “upstream,” spreading malware via updates (e.g., SolarWinds).

  • Midstream attacks: Target tools used in software development.

  • Dependency confusion: Insert malicious packages on public repos with the same name as an internal package but a higher version number.

  • Stolen certificates: Use stolen SSL/code-signing keys to compromise secure sites (like Stuxnet).

  • CI/CD attacks: Insert malware into automation pipelines, e.g., by cloning GitHub repos.

  • Open source attacks: Inject malicious code into widely used open source projects.
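The dependency confusion item above can be checked for from the defender's side. The following is an added example, not code from this page: it flags internal package names that also exist on a public index and marks the ones where a higher public version would win resolution because the build mixes indexes with pip's `--extra-index-url`. The package names, versions, index snapshot and the `pypi.internal.example` host are constructed samples.

```python
# Added example: audit for dependency-confusion exposure (defensive check).
# All package names, versions and index contents below are constructed samples.
import re

# Constructed: packages the organisation publishes on its private index.
INTERNAL = {"acme-billing": "1.4.2", "acme-auth": "2.0.0", "acme-utils": "0.9.1"}
# Constructed snapshot of what a public index lists under the same names.
PUBLIC = {"acme-billing": ["99.0.0"], "acme-utils": ["0.1.0"], "requests": ["2.31.0"]}
# Constructed pip arguments as found in a build job.
PIP_ARGS = ["--index-url https://pypi.internal.example/simple",
            "--extra-index-url https://pypi.org/simple"]

def normalize(name):
    """PEP 503 name normalisation: runs of -, _ and . compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def vkey(version):
    """Numeric sort key for plain dotted versions (no pre-release handling)."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def mixes_indexes(pip_args):
    """True when the build resolves from the private and a second index at once."""
    return any(a.strip().startswith("--extra-index-url") for a in pip_args)

def audit(internal, public, pip_args):
    """Return {name: finding} for each internal package."""
    pub = {normalize(n): v for n, v in public.items()}
    mixed = mixes_indexes(pip_args)
    report = {}
    for name, ours in internal.items():
        theirs = pub.get(normalize(name))
        if theirs is None:
            report[name] = "unclaimed"   # nobody has published this name publicly
        elif mixed and max(map(vkey, theirs)) > vkey(ours):
            report[name] = "shadowed"    # higher public version would be selected
        else:
            report[name] = "collision"   # same name exists publicly: review it
    return report

if __name__ == "__main__":
    for pkg, finding in audit(INTERNAL, PUBLIC, PIP_ARGS).items():
        print(f"{pkg:15} {finding}")
```

A "shadowed" result is the case the list item describes; resolving internal names from a single private index, or pinning versions with hashes, removes it.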
