https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
    • Diversity, Equity & Inclusion
  • MSP 501
    • Back
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
    • MSP 501 Information Center
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2022 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Channel Partners 101 (CP 101)
  • Events
    • Back
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
    • Diversity, Equity & Inclusion
  • MSP 501
    • Back
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
    • MSP 501 Information Center
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2022 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Channel Partners 101 (CP 101)
  • Events
    • Back
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

From the Industry


Cisco

Sponsor Content

Supply chain attacks

What You Need to Know about Supply Chain Attacks

  • Written by Cisco Umbrella Guest Blogger
  • May 24, 2021
Supply chain attacks sit at the crossroad between motivation and less secure targets.

Let’s say that you’re confident in your security posture. You have endpoint protection in place, firewalls defending the perimeter and phishing filters on incoming email. You’ve leveraged tools to check for anomalies in your network traffic, rolled out an SSO solution and implemented processes to securely connect to the network remotely.

These defenses make it harder for bad actors to compromise your organization. Not only that, but a strong security posture is more likely to push all but the most motivated bad actors to move on to other, less secure targets. It’s at this crossroad–between motivation and less secure targets–where supply chain attacks sit.

Bad actors will always look for weak points to attack. It may be that your weakest point is not within your own organization, but within one of your suppliers. You trust their products and services, relying on them to conduct business. Unfortunately, if their security posture isn’t as mature as yours, attackers can exploit that trust and use it in attacks.

This is what a supply chain attack is. In these attacks, bad actors compromise a secondary organization that supplies software or services to a primary, target organization. Their goal is to compromise the primary target when they use the software or service of the secondary target. In short, they piggyback on the secondary target to get their malicious code into the primary target.

How the Attack Works

Although there are several ways to attack a supply chain, there is a general pattern seen in many attacks. First, the bad actors gather what information they can find about the external products and services used by the primary target. The attackers assess the suppliers of those products and services and then choose a secondary target, based on what they discover. This secondary target now becomes the fulcrum of the attack.

Next, the bad actors attempt to compromise the secondary target. The ways they go about doing so will vary, often choosing the path of least resistance. They could try anything from spear phishing to exploiting vulnerabilities at the network edge. The choice will largely depend on the secondary target itself—where the attackers perform reconnaissance to determine the approach most likely to lead to a successful breach.

Once in, the attackers move laterally. Often, their objective is to compromise the secondary target’s software build system, where the source code for their software is stored, updated and compiled. One of the easiest ways to achieve this is by compromising a developer’s machine, or their credentials, gaining the required access. With access to the build system, the attackers can surreptitiously insert malicious code, like a backdoor or RAT, into the software in question. The secondary target, unaware of the presence of malicious code, compiles the latest updates, signs the binary and then releases it.

At this point, the attackers wait for the primary organization to download and install the compromised update. Once this occurs, the malware phones home and attackers are in, now having access into the primary organization they intended to compromise.

Supply chain attacks

Notable Examples

There are several supply chain attacks that have made headlines. One of the most notable happened last year, when bad actors compromised software updates to SolarWind’s Orion IT management software. The attackers managed to stay hidden for months, during which multiple U.S. government agencies and corporations were compromised.

But this attack was far from the first to use a supply chain as a vector. In 2017, the wiper malware NotPetya is believed to have begun its spread by leveraging

  • Page 1
  • Page 2
  • Page 3
Tags: MSPs From the Industry Intelligence Security Strategy Cisco Sponsor Content

Most Recent


  • Fireworks
    Cybersecurity Experts: July 4th Weekend Ripe for Ransomware, Other Attacks
    Russia definitely has motivation to exploit the July 4th holiday in some way.
  • Old job new job
    New Pure Storage EMEA Channel Leader Details Jump from Veritas
    Geoff Greenlaw says he wanted to join a high-growth company after 18 years at Veritas.
  • Unemployed, laid off
    Qumulo Confirms Layoffs, Citing Economic Conditions, Reaching Profitability
    Qumulo has raised $351 million in funding at a valuation of more than $1.2 billion.
  • how to make embracing change part of your company culture
    How to Make Embracing Change Part of Your Company Culture
    When we anticipate, understand, model, and celebrate change in company culture, we create a foundation that opens doors and sets us up for growth and success.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • 5G
    5G: Revolution or Evolution?
  • M&A
    Why All MSPs Need to Understand the M&A Landscape
  • hurricane season
    4 Things MSPs Should Consider When Prepping for Hurricane Season
  • zero-trust
    The Benefits of Zero-Trust Security over VPNs

Upcoming Events

View all

MSP Summit

September 13, 2022 - September 16, 2022

Channel Partners Conference & Expo

May 1, 2023 - May 4, 2023

Galleries

View all

Cybersecurity Experts: July 4th Weekend Ripe for Ransomware, Other Attacks

July 1, 2022

Images: HPE Discover 2022 Expo Hall Featuring Microsoft, Ingram Micro, VMware

July 1, 2022

Tetra Defense: Unpatched Systems Behind Costliest Cyberattacks in Q1

July 1, 2022

Industry Perspectives

View all

How to Make Embracing Change Part of Your Company Culture

July 1, 2022

How to Differentiate to Leverage 5G’s Revenue Opportunity

June 28, 2022

Why MSPs are Attractive Cyberattack Targets

June 24, 2022

Webinars

View all

VEP Platform for Delivery of uCPE, SD-WAN and SASE

June 29, 2022

The Digital Worker: How to Empower Customers with a Flexible, Scalable VDI Solution to Enable Remote Work

June 30, 2022

Growing Partner Revenue and Customer Satisfaction with Power Management Services

June 23, 2022

White Papers

View all

Work Goes Remote – (and Other Top ITOps Trends)

May 25, 2022

The New Bottom Line: How MSPs Can Meet the Healthcare Crisis While Evolving Their Businesses

April 19, 2022

How to build a Security Operations Center (on a budget)

April 4, 2022

Channel Futures TV

View all

Vonage a ‘Single Communications Stack Provider’ for Partners, Customers

IBM, Partners and the $1 Trillion Hybrid Cloud Opportunity

June 26, 2022

Agents Share ‘Secrets,’ Industry Opportunity

May 11, 2022

AT&T, Microsoft, Cisco, ThreatLocker on Unlocking Partner Potential

May 6, 2022

Twitter

ChannelFutures

#Cybersecurity experts say July 4th weekend ripe for #ransomware, other attacks. @blumirasec @Netenrich @Vectra_AI… twitter.com/i/web/status/1…

July 1, 2022
ChannelFutures

New @PureStorage #ITchannel leader details jump from Veritas. dlvr.it/STBsLB https://t.co/BFSmZ5ubff

July 1, 2022
ChannelFutures

New Pure Storage EMEA Channel Leader Details Jump from Veritas dlvr.it/STBrPQ https://t.co/LjFXo6FbVF

July 1, 2022
ChannelFutures

.@qumulo latest channel business to confirm layoffs impacting 80 workers. #storage dlvr.it/STBh1L https://t.co/hE10wBA3ka

July 1, 2022
ChannelFutures

Ranking on the #MSP501 isn't just an industry accolade... it brings pride to each company and their team. Congratu… twitter.com/i/web/status/1…

July 1, 2022
ChannelFutures

Company culture is ever changing in today's society - here are ways to embrace that change with @coxbusiness… twitter.com/i/web/status/1…

July 1, 2022
ChannelFutures

#HPEDiscover expo hall images. Featuring @IngramMicroInc @msPartner @Veeam @Commvault and more.… twitter.com/i/web/status/1…

July 1, 2022
ChannelFutures

.@TetraDef report shows unpatched systems behind most costly cyberattacks in Q1. dlvr.it/ST9RSF https://t.co/ovvS3aJKD6

July 1, 2022

MSP 501

The industry's largest and most comprehensive partner awards program.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X