Understanding and Defending Against Supply Chain Attacks

​Reported by: Shahirah Abdul Aziz

​Supply chain attacks represent one of the most challenging threats in cybersecurity today. By targeting trusted third-party suppliers, attackers bypass traditional defences, gaining unauthorized access to secure networks and systems. These attacks, such as the XZ upstream supply chain compromise highlighted by Bitdefender, demonstrate the urgency for organizations to bolster defences against indirect threats.

The Mechanics of a Supply Chain Attack
Supply chain attacks occur when malicious actors infiltrate a trusted provider to inject harmful code into legitimate software or hardware components. This code is then unknowingly deployed by end-users within their systems. A prime example is when malicious code in the XZ Utils library went unnoticed by Linux systems that rely on it for data compression, allowing attackers potential access across multiple platforms.

1. Attack Pathways: Kleindorfer and Saad emphasize the complexity of such disruptions, which can happen at various stages — development, distribution, or maintenance. Each stage can harbour vulnerabilities exploitable by malicious actors, especially in outsourced, globally distributed supply chains​.
2. Challenges in Detection: Once malicious code infiltrates through trusted channels, its identification becomes challenging. Most security protocols assume the legitimacy of updates from trusted suppliers, making early-stage detection difficult.

High-Profile Incidents of Supply Chain Attacks
Recent incidents illustrate the impact of these attacks:

• SolarWinds (2020): One of the most severe attacks in recent history, the SolarWinds compromise demonstrated how deeply attackers could infiltrate through software updates, impacting numerous organizations worldwide.
• XZ Utils Backdoor (2024): Bitdefender’s report details how attackers embedded a backdoor in the XZ Utils library, commonly used in Linux environments. The compromised library was widely distributed before detection, exemplifying the danger of such vulnerabilities in open-source software.
• 3CX Desktop App Compromise (2023): Threat actors targeted the 3CX Desktop App, a VoIP solution, by injecting malicious code into its installers. This attack exposed numerous organizations to potential data breaches and system compromises.

Preventative Measures
Drawing from Kleindorfer and Saad's disruption risk framework, organizations should take a proactive stance against supply chain threats by implementing structured and comprehensive strategies​:

1. Vendor Management: Ensure that all vendors comply with stringent security practices and undergo regular audits. Use frameworks such as the SAM-SAC model, which emphasizes the importance of specifying sources of risk, assessing vulnerabilities, and implementing effective risk mitigation practices.
2. Continuous Monitoring and Threat Detection: Real-time monitoring of systems helps detect unusual activities indicative of a supply chain attack. Solutions employing machine learning and threat intelligence integration can provide the necessary foresight to pre-empt and respond to attacks.
3. Threat Intelligence: Maintain up-to-date knowledge of vulnerabilities, specifically within supply chain channels. By tracking threats and patches, organizations can pre-emptively defend against emerging risks.
4. Risk Diversification and Collaboration: Supply chain resilience is enhanced by diversifying sourcing options and collaborating with supply chain partners to share information on potential threats.

How 57Network Supports Supply Chain Security with Bitdefender GravityZone Business Security Solutions
As a Bitdefender Partner, 57Network empowers organizations to guard against sophisticated supply chain attacks through GravityZone Business Security. Our solution provides:
​

• Real-Time Threat Detection: GravityZone offers continuous monitoring to detect abnormal behaviours indicative of supply chain breaches, intercepting issues early with predictive analytics.
• Managed Detection and Response (MDR): Integrated within GravityZone, MDR actively hunts for threats and provides rapid, hands-on response capabilities, allowing for swift containment and mitigation of attacks.
• Up-to-Date Threat Intelligence: With insights from global threat feeds, GravityZone proactively tracks vulnerabilities across software dependencies, enabling quick responses to emerging risks.
• Automated, Flexible Response: GravityZone’s automated responses quickly isolate threats, while customizable strategies provide adaptable protection based on each client’s needs.​
• Enhanced Visibility: Centralized visibility across endpoints allows rapid identification of weak points, improving response times and minimizing blind spots.
• Vendor Risk Management: We support structured assessments of vendor security practices, ensuring safer integrations with third parties.

By partnering with 57Network and Bitdefender GravityZone, organizations gain robust defences, real-time insights, and tailored responses to fortify their supply chain against evolving threats.

Reference:
What Is a Supply Chain Attack?
Technical Advisory: XZ Upstream Supply Chain Attack
Technical Advisory: Software Supply Chain Attack Against 3CX Desktop App
Supply Chain Attacks: Impact, Examples, and 6 Preventive Measures
Managing Disruption Risks in Supply Chains