
The Importance of Mature Threat Hunting in Defending Against Supply Chain Attacks


Experts Say Active Monitoring and Threat Hunting Are Key Defense Against Software Supply Chain Cyberattacks

Headlines about cyberattacks on software supply chains have become a steady occurrence in recent times. With attacks ranging from Kaseya, SolarWinds, and 3CX to MOVEit, experts suggest that active monitoring and threat hunting are key defenses against such attacks.

The Magnitude of the Attack Surface for Threat Actors

IANS faculty member Jake Williams highlighted that, while traditional cyber defenses operate strictly within the “four walls” cybersecurity model, recent software supply chain security failures have demonstrated that security goes beyond this construct. Williams explained that the modern software supply chain has an enormous attack surface, including automated software updates, software-as-a-service (SaaS) tools, vendor-managed appliances, and the cloud, among others.

Evan Blair, the General Manager for Searchlight Cyber, spoke during a Dark Reading webinar about securing the software supply chain and illustrated the complexity of the challenge with a startling statistic. He stated that for every billion dollars a company makes in annual revenue, it will have around 1,000 suppliers. This means that cybercriminals will have multiple avenues into enterprise systems.

Magnitude of Sophisticated State-based APT Groups Targeting Smaller Organizations

Williams mentioned that advanced persistent threat (APT) groups, which are sophisticated state-based actors, are now targeting smaller organizations that mostly rely on basic cybersecurity protections.

The North Korean government-linked Lazarus Group successfully used Log4Shell and other known vulnerabilities to compromise Microsoft Web servers across companies of different sizes. In April, a Chinese APT group, Evasive Panda, hijacked application updates for Chinese-developed software to deploy spyware to smaller targets.

The Threat of AI to the Software Supply Chain

The rise of artificial intelligence (AI) further threatens the security of the software supply chain, as researchers have shown that hackers can use it to embed malware into software packages aimed at developers. Williams explained that cybercriminals can take the package names that AI tools hallucinate in their suggestions and create malicious packages to match those false recommendations.

This adds another layer of complexity to identifying supply chain threats to enterprise networks. Companies with robust monitoring and threat hunting programs in place are best positioned to prevent the next supply chain attack.

Defending Against Software Supply Chain Attacks

Williams said that defense against software supply chain attacks boils down to monitoring and threat hunting. Supply chain security monitoring necessarily involves monitoring the security of third parties in the software supply chain.

According to Williams, cyber threat intelligence (CTI) teams are vital for proactively monitoring software supply chain risks, but their task is difficult. Williams said that CTI teams don’t have insight into the cycles and data necessary to synthesize, report, or action it for third parties. Blair told the Dark Reading webinar audience that about a third of CISOs are currently using Dark Web data to monitor for cyberattacks on their supply chains, while a full 71% would like visibility into whether suppliers are being discussed on the Dark Web.

Mature Threat Hunting Is the Key Defense

Williams warned that it is unrealistic to expect organizations to prevent software supply chain attacks. Instead, mature threat hunting capabilities are vital, as organizations cannot catch every attack as it is happening. He also cautioned teams considering outsourcing a threat hunting program, stating that many providers are merely front-running the indicators of compromise (IoCs) being put into their endpoint detection and response (EDR) solutions.
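The difference between IoC matching and hunting can be shown on a small data set. The following is an added example, not code from Williams, Dark Reading, or any vendor: it compares a hash lookup against a baseline comparison of parent-to-child process lineage, and every host name, process name, and hash label in it is a constructed placeholder.

```python
from collections import Counter

# Constructed process-creation events: (host, parent, child, file hash label).
# All names and hashes are made-up placeholders, not real indicators.
BASELINE = [
    ("ws01", "vendor_updater.exe", "vendor_app.exe", "hash-a"),
    ("ws02", "vendor_updater.exe", "vendor_app.exe", "hash-a"),
    ("ws03", "vendor_updater.exe", "vendor_app.exe", "hash-a"),
    ("ws01", "explorer.exe", "browser.exe", "hash-b"),
    ("ws02", "explorer.exe", "cmd.exe", "hash-c"),
]
CURRENT = [
    ("ws01", "vendor_updater.exe", "vendor_app.exe", "hash-a"),
    ("ws02", "vendor_updater.exe", "cmd.exe", "hash-c"),  # lineage not in baseline
    ("ws03", "explorer.exe", "browser.exe", "hash-b"),
]
KNOWN_BAD_HASHES = {"hash-x", "hash-y"}  # what an IoC feed already contains


def ioc_matches(events, known_bad):
    """IoC matching: only finds what someone else has already reported."""
    return [e for e in events if e[3] in known_bad]


def hunt_new_lineage(baseline, current, min_parent_seen=3):
    """Flag parent->child pairs absent from the baseline, but only for
    parents with enough history for the baseline to be meaningful."""
    pair_counts = Counter((p, c) for _, p, c, _ in baseline)
    parent_counts = Counter(p for _, p, _, _ in baseline)
    findings = []
    for host, parent, child, _digest in current:
        if parent_counts[parent] < min_parent_seen:
            continue  # too little history: would only generate noise
        if pair_counts[(parent, child)] == 0:
            findings.append({"host": host, "parent": parent, "child": child})
    return findings


if __name__ == "__main__":
    print("IoC hits:", ioc_matches(CURRENT, KNOWN_BAD_HASHES))
    for lead in hunt_new_lineage(BASELINE, CURRENT):
        print("Hunt lead:", lead)
```

The hash lookup returns nothing because the child binary is a legitimate system tool, while the lineage comparison surfaces the trusted updater starting a process it has never started before, which is a lead for an analyst to investigate rather than a verdict.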

Editorial

The recent spate of software supply chain attacks indicates that a more sophisticated and integrated approach to cybersecurity is necessary. The focus has shifted from the traditional cybersecurity model of securing the four walls to a broader spectrum of security concerns that go beyond these walls.

Organizations need to take a proactive approach to cybersecurity, recognizing that the threat of cyberattacks has substantially increased and is continually evolving. Cybersecurity has become a vital aspect of an organization’s risk management strategy and should be considered in every business decision.

Advice

Organizations must have protocols and tools in place to continually monitor their software supply chain. Implementing mature threat hunting capabilities will also be important, as it enables organizations to identify attacks early on and take appropriate actions before the damage is done.

It is important to note that outsourcing threat hunting should be done with caution as many vendors are only repeating what has already been detected. Companies are advised to establish in-house monitoring and threat hunting capabilities, which could require additional investments in personnel and technology.

Lastly, dark web forums and social media platforms are essential sources for open-source intelligence, and organizations should consider monitoring accounts and groups that discuss threats to their software supply chain.
