By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
TechgoonduTechgoondu
  • Audio-visual
  • Enterprise
    • Software
    • Cybersecurity
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
    • Cellphones
    • Tablets
  • PC
  • Telecom
Search
© 2023 Goondu Media Pte Ltd. All Rights Reserved.
Reading: Q&A: Supply chain attacks still rare but pose tough problem, says FireEye Mandiant
Share
Aa
TechgoonduTechgoondu
Aa
  • Audio-visual
  • Enterprise
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
  • PC
  • Telecom
Search
  • Audio-visual
  • Enterprise
    • Software
    • Cybersecurity
  • Gaming
  • Imaging
  • Internet
  • Media
  • Mobile
    • Cellphones
    • Tablets
  • PC
  • Telecom
Follow US
© 2023 Goondu Media Pte Ltd. All Rights Reserved.
Techgoondu > Blog > Cybersecurity > Q&A: Supply chain attacks still rare but pose tough problem, says FireEye Mandiant
CybersecuritySoftware

Q&A: Supply chain attacks still rare but pose tough problem, says FireEye Mandiant

Alfred Siew
Last updated: August 11, 2021 at 5:08 PM
Alfred Siew Published August 11, 2021
7 Min Read
SHARE
Such a sophisticated attack is not easy to prevent, says Steve Ledzian, the chief technology officer for Asia Pacific at FireEye Mandiant. PHOTO: Handout

Cyber attacks that target the supply chain have been grabbing the headlines in recent months because of the widespread and severe damage they have caused organisations, from government agencies to food processing plants.

Though they are still relatively rare compared to other forms of attacks that require less sophistication, they are a big problem because they abuse an existing trust, according to FireEye Mandiant.

The cyber security company, a trusted supplier itself, suffered a data breach in late 2020, after its security tools used to test the client defences were stolen.

However, it redeemed its reputation somewhat by finding the source of the breach – a supply chain attack on a network software company called SolarWinds, which subsequently led to discoveries of widespread breaches across the United States and other countries.

Such a sophisticated attack is not easy to prevent, says Steve Ledzian, the chief technology officer for Asia Pacific at FireEye Mandiant.

However, it also means that IT teams are now more vigilant not just in checking the software they get from suppliers but also the reputation of the suppliers themselves, he argues.

How often do these suppliers conduct a penetration test, for example, he asks, in this month’s Q&A.

NOTE: Responses have been edited for brevity and style.

Q: In a world where software runs everything, from routers to smart buildings, do you see deeper problems arising from supply chain attacks?

A: FireEye has been calling out supply chain risk for years now. It’s mentioned in our 2018, 2019 and 2020 security predictions reports.

As business and organisations continue to digitally transform and as the attack surface continues to grow, supply chain attacks will continue to grow along with them.

One important consideration is that supply chain compromise in and of itself is not a complete end-to-end attack, but rather just one component an attacker users to build out a complete attack chain.

This can be seen on the MITRE ATT&CK Framework. When an attacker breaks into a network, supply chain compromise is one technique that the attacker can use to accomplish the tactic of initial compromise.

There are many other ways to achieve initial compromise, and after achieving initial compromise, there are many other post-exploitation stages of the attack that must be complete before the full attack is successful.

The point here is that while supply chain compromise is difficult to detect, it is just one of many opportunities to break the chain of the attack, and prevent impact to the organisation.

Q: FireEye managed to find what caused its data breach late last year but how well protected is the digital supply chain in general today?

A: Supply chain attacks are comparatively rare compared to other types of cyber attacks, but as they expose multiple victims simultaneously, their impact can be quite high.

A lot of thought and effort have gone into improving security across the supply chain, but as it’s an attack that abuses a pre-existing trust, it’s a challenging problem to solve.

Governments are paying attention to the risk the supply chain poses. The Cyber Security Agency’s (CSA’s) recent Singapore Cyber Landscape 2020 Report highlights supply chain risk a number of times

Meanwhile, the United States Department Of Defense is leveraging the Cybersecurity Maturity Model Certification (CMMC) to address supply chain risk in the defence industrial base.

Q: Do you see criminal gangs, some originating from jurisdictions where they enjoy relative immunity from prosecution, continue to be the main threat actors in supply chain attacks? Or will state actors be involved at some point?

A: Supply chain attacks can be leveraged by threat actors with both financial motivations as well as espionage motivations.

Often, when we think about supply chain attacks, it’s the nation state threat actors that first come to mind as the culprits most likely to able to have the sophistication required to pull off such an attack.

Nation state threat actors have been doing this for some time now. Cyber criminals have been known to use supply chain attacks as well, but more commonly cyber criminals often don’t need to resort to a level of sophistication that requires a supply chain attack.

Cyber criminals have plenty of success in achieving initial access in other less sophisticated ways such as phishing, exploiting public facing applications, or leveraging compromised valid accounts.

Q: Supply chain attacks target the trust between businesses. How do you build trust when even a digital signature and encrypted data can be compromised at source?

A: It’s not an easy problem. Even if IT teams tightly scrutinise the software they deploy, organisations still need to worry about the software and utilities that employees download and use for themselves.

For example, while IT teams might deploy the latest version of stock browsers, users might add their own browser plug-ins or extensions which might silently perform malicious actions.

Technology controls are part of the solution but organisations are augmenting those in other creative ways. For example, before choosing a vendor, business sometimes will consider that vendor’s financials.

“Is this vendor financially viable” or “Will this vendor still be around to support our purchase next year or the year after?”

Procurement teams are now asking potential vendors about their security practices. “Do you do background checks on employees?” or “How often does your organisation do a penetration test or a red team assessment?”

We’ve long heard of how strong cyber security can be a differentiator, and now customers are starting to ask vendors to demonstrate that they take cyber security seriously.

You Might Also Like

As TikTok faces a possible ban in the US, should users elsewhere be worried?

RedCap: A new cellular IoT technology for the 5G era

Debate on computational photography misses what’s real, what’s lived outside a frame

Give a royal wave and avoid munchies during video calls, say etiquette experts Debrett’s

Sensing strong demand, Tata Comms pitches “hyperconnected” ecosystems

TAGGED: cyberattack, FireEye Mandiant, Q&A, supply chain attacks

Sign up for the TG newsletter

Never miss anything again. Get the latest news and analysis in your inbox.

By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Alfred Siew August 11, 2021
Share this Article
Facebook Twitter Whatsapp Whatsapp LinkedIn Copy Link Print
Share
Avatar photo
By Alfred Siew
Follow:
Alfred is a writer, speaker and media instructor who has covered the telecom, media and technology scene for more than 20 years. Previously the technology correspondent for The Straits Times, he now edits the Techgoondu.com blog and runs his own technology and media consultancy.
Previous Article What caused the data leak at StarHub, the latest telco to get hit?
Next Article Twist in Poly Network heist, as hacker who stole digital coins says it was done for good
Leave a comment

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Stay Connected

Facebook Like
Twitter Follow

Latest News

Oppo Find N2 Flip review: A worthy flip phone alternative to Samsung
Cellphones Mobile March 26, 2023
As TikTok faces a possible ban in the US, should users elsewhere be worried?
Cybersecurity Internet March 24, 2023
Foodpanda to use Gogoro electric scooters in battery swapping trial with Cycle & Carriage
Enterprise Internet March 23, 2023
RedCap: A new cellular IoT technology for the 5G era
Enterprise Software Telecom March 23, 2023
//

Techgoondu.com is published by Goondu Media Pte Ltd, a company registered and based in Singapore.

.

Started in June 2008 by technology journalists and ex-journalists in Singapore who share a common love for all things geeky and digital, the site now includes segments on personal computing, enterprise IT and Internet culture.

banner banner
Everyday DIY
PC needs fixing? Get your hands on with the latest tech tips
READ ON
banner banner
Leaders Q&A
What tomorrow looks like to those at the leading edge today
FIND OUT
banner banner
Advertise with us
Discover unique access and impact with TG custom content
SHOW ME

 

 

POWERED BY READYSPACE
The Techgoondu website is powered by and managed by Readyspace Web Hosting.

TechgoonduTechgoondu
Follow US

© 2023 Goondu Media Pte Ltd. All Rights Reserved | Privacy | Terms of Use | Advertise | About Us | Contact

Join Us!

Never miss anything again. Get the latest news and analysis in your inbox.

Zero spam, Unsubscribe at any time.
 

Loading Comments...
 

    Welcome Back!

    Sign in to your account

    Lost your password?