
In a software-defined, interconnected world, supply chain attacks are hard to ward off

Alfred Siew
Last updated: February 18, 2021 at 6:02 PM
Published February 15, 2021
ILLUSTRATION: Pete Linforth from Pixabay

When a Wi-Fi router maker demonstrated how an end user could remotely control his home’s Internet access a few years ago at a media event, I was a little surprised.

Raising my hand, I asked who would want that kind of technology. Shouldn’t turning off remote access be the first thing you do when setting up your home router, to ward off unauthorised access?

I’d take that advice back now. Many of today’s Wi-Fi networks are software-defined, so they can be easily accessed via an app and controlled or even modified for different roles with a simple tap on your phone screen.

And it’s not just network equipment that has become software-defined. This is part of a global move towards buying “standard” equipment that is available from many vendors and using a commonly available software stack to run whatever you need, from networking to storage.

Indeed, much of today’s infocomm infrastructure is software-defined or controlled. This includes the mega data centres that require almost no humans to physically change a disk and even “open” 5G networks that rely less on proprietary hardware than on easily available alternatives.

Therein lies an emerging problem as well. Because everything is interconnected and easily controlled remotely by software, one segment that has become increasingly attractive to hackers is the supply chain.

Since they can’t easily penetrate the hard fortress, hackers now go after the third-party vendors that their intended victims depend on to run their infrastructure efficiently.

To get to United States government agencies last year, hackers who were likely state-sponsored attacked SolarWinds, the vendor that made the network monitoring software used by those agencies and by hundreds of other organisations around the world.

Because SolarWinds’ software gained so much access and insight into the workings of these organisations’ infrastructure, hackers could gather valuable intel to slowly find their way into their victims’ systems.

There’s another element that makes this type of attack difficult to defend against – trust.

Vendors such as SolarWinds are trusted for their own cybersecurity. They certainly should not be easy to breach, because so many customers rely on them for such a critical service.

Yet, if there’s a lesson that’s always worth repeating, it’s that nobody is safe from any attack.

Even FireEye, the much-respected cybersecurity company relied on by many Western companies, found itself breached late last year by a sophisticated attack utilising techniques that were not seen before.

The company has been open in disclosing how it was compromised – its “red team” tools used to test customers’ machines for vulnerabilities were stolen. What’s also clear is that even a top-notch supplier can be breached.

Just this past week in Singapore, Singtel was also impacted by a supply chain attack, where the compromise of one of its third-party vendors led to customers’ data being leaked.

The File Transfer Appliance (FTA) file-sharing system is a 20-year-old product from cloud-sharing company Accellion but it still contained data that was valuable enough to be stolen.

So, how do you ward off such supply chain attacks, which, though less common than other attacks, are often more invasive and possibly more damaging?

With so many systems all interconnected today, it’s too late to literally unplug the system and put the genie back in the bottle. That way, you are also DDoS’ing yourself or denying your own users access via a self-inflicted Distributed Denial of Service of sorts.

One example of our interconnected world is a typical webpage today. Look up the code behind it and you can find dozens of sources of data that have been pulled together to display that information on your Web browser.
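To make the webpage point concrete, here is an added example (not from the original article) that inventories the outside hosts a page pulls resources from and lists those whose scripts or stylesheets load without a Subresource Integrity hash. The sample HTML, the host names and the `audit` and `unpinned` helpers are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page; every host below is a placeholder, not a real site.
PAGE_URL = "https://news.example/article"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<link rel="stylesheet" href="https://fonts.cdn.example/sans.css">
<script src="https://cdn.example/lib.min.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="//ads.example/tag.js"></script>
</head><body>
<img src="https://img.example/hero.jpg">
<iframe src="https://video.example/embed/1"></iframe>
<script src="/js/app.js"></script>
</body></html>"""

# Tag -> attribute that makes the browser fetch something.
FETCHING = {"script": "src", "link": "href", "img": "src", "iframe": "src"}

class ThirdPartyAudit(HTMLParser):
    """Collect resources fetched from hosts other than the page's own."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.first_party = urlparse(page_url).hostname
        self.findings = []  # (host, tag, sri_capable, has_integrity)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        ref = attrs.get(FETCHING.get(tag, ""))
        if not ref:
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # ignore icons, preloads and other non-stylesheet links
        host = urlparse(urljoin(self.page_url, ref)).hostname
        if host and host != self.first_party:
            # Integrity hashes only apply to scripts and stylesheets.
            self.findings.append((host, tag, tag in ("script", "link"),
                                  bool(attrs.get("integrity"))))

def audit(html, page_url):
    parser = ThirdPartyAudit(page_url)
    parser.feed(html)
    return parser.findings

def unpinned(findings):
    """Third-party scripts/stylesheets loaded with no integrity hash."""
    return sorted({host for host, _, sri, pinned in findings if sri and not pinned})
```

Each host in the `unpinned` result is a supplier whose compromise would change what runs or renders on the page without any change to the page itself.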

Something similar is happening with the digital systems we are building to better make sense of data and tell us in real time what is happening in the real world.

Everything is interconnected, and we are trying to let software run the show to automate and control the “plumbing” of the infrastructure so we don’t have to.

Now, what if the artificial intelligence (AI) that is the ultimate “supplier” of the insights humans draw on to make decisions is compromised? Already, decisions made by AI are hard to unravel and explain; what more those made by a compromised AI?

This may seem farfetched but there appears to be an increasingly worrying trend that many experts are cautioning about (read an IEEE paper here on hacking AI).

For businesses, unfortunately, going digital is the only way forward. They have little choice except to keep reducing risk by bolstering defences as best as possible and to be prepared for a potential fallout by drawing up contingency plans, say, for a data breach.

This is the new reality: You not only have to worry about locking the gates at night – you have to hope that the lock maker you trust hasn’t been compromised, either.

Alfred is a writer, speaker and media instructor who has covered the telecom, media and technology scene for more than 20 years. Previously the technology correspondent for The Straits Times, he now edits the Techgoondu.com blog and runs his own technology and media consultancy.