Sophisticated supply chain attacks first made headlines in the USA, but we can be sure Asia will not be spared.
When the SolarWinds supply chain hacking first happened in late 2020, one country escaped the adverse effects that hit 18,000 users of SolarWinds’ IT management software, including some of the world’s biggest companies.
That country was Singapore, and the attack may have been the first time many organizations there had even considered supply chain risks.
However, with a series of hacks in recent months, supply chain risks have quickly been elevated to front-page headlines in Singapore. The bigger of two hacks affected one of the biggest telcos when its vendor was compromised. More recently, Singapore’s national trade union was affected when a third-party contact center service vendor’s mailbox was hacked.
All told, more than 150,000 personal records were taken in the two hackings, with less than two months separating them. Another global incident on the scale of SolarWinds may be some time away, but it is clear that businesses must begin preparing for supply chain hacks now.
As these types of attacks grow in frequency and sophistication, companies need to ready their cybersecurity postures and ramp up their resilience.
Learn the right lesson
The SolarWinds incident raised concerns about patching and keeping software updated, because a tampered software update was exactly how the attackers got in. The right takeaway is not to stop updating: organizations should keep their environments perpetually in tune with the latest vulnerability disclosures, and not compromise on software updates.
In precision and lethality, the SolarWinds attack is comparable to the 2014 Sony Pictures hack or the 2015 US Office of Personnel Management breach; campaigns of this caliber are considered rarefied air among cybersecurity professionals. Organizations that elect not to update their networks for fear of a malicious patch will leave themselves vulnerable to the countless other attacks that are far less precise than these rarefied campaigns.
Protecting data with zero trust
When considering how your suppliers broaden your threat profile, the natural move is to guard your data more closely.
According to media reports, both of the Singapore cyberattacks were the result of vendor systems being breached. Both were contained relatively quickly, and the impact was limited to the data held by those specific vendors.
In the case of SolarWinds, however, the Sunburst backdoor used stealth tactics: it checked whether it was being analyzed, and it suppressed communications and alerts. Once inside, the attackers could use the backdoor to take any number of secondary steps to amplify or extend the breach.
Sunburst is an extreme example, but in any situation it is best to maintain an aggressive and healthy cybersecurity posture so that a breach, should one occur, is contained as far as possible. Organizations should identify their most critical information and data and apply the principle of least privilege to these items. A sound approach is to assume that your most critical assets are already under attack, especially those that rely on third-party applications which require elevated privileges to operate.
Adopting a Zero Trust policy for these assets, and indeed for your entire environment, will help to contain breaches if and when they happen.
Shifting left can boost your cybersecurity
Attackers can use time to their advantage in different ways. Sometimes it is speed: many attacks rely on how quickly attackers can penetrate, reconnoiter, locate, and exfiltrate sensitive data.
In the case of SolarWinds, the attacker instead used time to make painstakingly small and subtle changes to code in the software supply chain, weaponizing SolarWinds' trusted application and leading to a slew of other threats.
In either situation, making your own teams faster improves your organization's readiness in the event of a breach. This is "shifting left": the earlier you are able to tackle issues, the less trouble you will have later. In a security context, shifting left means that, beyond understanding your organization's endpoints, you acquire information about external threats as they relate to your own security posture.
Shifting left helps cyber defenders prepare by anticipating breaches, detecting them, and running more effective mitigation procedures in the worst case. The critical first step is gaining an understanding of your organization's endpoints, because without that information it is impossible to understand your organization's own vulnerabilities.
Hackers will not wait for you
Supply chain hacks show all too well that bad actors are constantly innovating, and may even be exchanging tips and tricks with the group behind SolarWinds, to capitalize on known weaknesses in organizations.
Organizations across the region need to protect themselves now, because hackers are not going to wait.
If your cybersecurity posture is dulled by complacency, your organization is all the more susceptible to the latest hack, with the exposure magnified by the multitude of suppliers linked to your network, and by their own suppliers in turn.