
No-Excuse Defenses Against Supply Chain Attacks


A supply chain attack aims to damage an organization by targeting less secure elements in its supply network. The initial victim becomes a steppingstone to infiltrate other networks. Exploiting a service provider’s data supply chain or traditional manufacturer supply chain has been the objective in many recent major data breaches. There was a 78% increase in supply chain attacks from 2018 to 2019—and 45% of those attacks targeted federal agencies.

Instead of directly compromising an agency, attackers infiltrate an integrator or partner. That helps attackers bypass the strong existing defenses of agencies themselves. Once inside the network, attackers can move vertically, compromising other vendors, software, IT contractors, or IoT devices. Attackers also have the option of moving horizontally, taking advantage of connections to other agencies or contractors that share joint projects.

The 2013 attack against Target is the classic example of a supply chain attack. Attackers used stolen credentials from Target’s HVAC systems vendor to access the retailer’s network and move laterally into the systems that stored customer payment information.

The Scope of the Cybersecurity Problem

The movement of nation states into the cyberattack business has increased attackers’ technological capabilities. A recent study found that if Russia infiltrates a network, that organization would only have 19 minutes to mitigate the risk and shut it down before the attackers move to another server, PC, or device in the network. Moreover, the risk to government agencies is growing in a number of alarming ways.

  • The Thales Federal Data Threat Report showed that 60% of federal agencies have been compromised at least once.
  • 35% of federal agencies were compromised just last year.
  • Of that 35%, 14% had also been compromised the year before.
  • COVID-19 has increased the use of BYOD policies.
  • IoT also multiplies the availability of soft targets.

Although 94% of malware is delivered by email, most people get dozens of emails a day, making it hard to police all of them. The recent compromise of SolarWinds, for example, included dormant malware hidden in a file or attachment.

Supply Chain Attack Scenarios

A secure file gateway is next-generation technology that handles attacks in a fundamentally different way from most cybersecurity solutions, stopping a threat before it spreads into a network. Many cybersecurity vendors focus on the execution of an attack, determining how it happened after it has occurred. A secure file gateway helps agencies prevent the attack from being executed while also allowing the agency to access its environment and continue to be productive.

Rather than quarantining problematic files the way most antivirus programs would, agencies need a solution that sanitizes them. A secure file gateway cleans the files by quarantining the negative data; then it places the positive data in a new template so it can be used by the end user.

For example, a small law firm might send a message to an insurance provider, unaware that there was malicious code hidden inside the Excel spreadsheet. When the end user opens the spreadsheet, it launches a shell session that gives the attacker a foothold in the insurance provider’s network. But a secure file gateway breaks down that file into pieces and examines each one. It removes the malicious file within the Excel file, directly thwarting the attack so it never makes it into the network. The end user receives a sanitized message with a new Excel spreadsheet that does not contain the malicious code.

Enabling Both Safety and Productivity

In another scenario, a legitimate email message might contain a link for free ice cream that was actually a threat with an embedded shell file. The secure file gateway directly processes the message, stripping away the shell file and retaining the real message. It sanitizes messages as they’re being downloaded to end users’ desktops, ensuring that the end users receive the original files no matter what happens.

By the time the end user receives the files, they’re 100% sanitized and safe to be inside the organization’s infrastructure. Another cybersecurity solution might have blocked or quarantined the message altogether. If the end user wanted to get the information in the message, it would need to be released from quarantine and scrubbed by the security team.

With a secure file gateway, an agency’s employees can use files without having to wrestle with the security team about which files are safe to use. A dashboard allows security personnel to see which files have been sanitized. The solution enables agency productivity without compromising security.

A good gateway solution also retains copies of the original and the sanitized version so an agency can investigate the attempted attack. Ordinarily, when these types of attacks occur, the file gets executed on the user’s machine and deletes itself. That prevents the security team from triaging the file or understanding exactly what it did when executed. By retaining the original file, a secure file gateway makes it easier for security teams to examine it and learn where it entered the system.
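To make concrete what "breaking the file into pieces, removing the malicious part and rebuilding a clean copy" looks like for the Excel scenario above, and what a gateway keeps for later triage, here is an added, simplified example in Python. It is not Thales or Votiro code and makes no claim about how their product works: it unpacks an Office Open XML workbook (a zip of XML parts), drops the parts that carry active content (VBA project, embedded objects, external links, ActiveX controls), scrubs the relationship and content-type entries that pointed at them, and rebuilds a new package, returning a report with both files' hashes. The sample workbook is constructed inline with placeholder bytes standing in for real macro or object data, and the set of stripped relationship types is this example's own policy. A production gateway does considerably more (it also rewrites sheet XML that referenced a removed object, covers other file formats, and stores the original and sanitized copies); this shows only the disarm-and-rebuild step.

```python
"""Simplified content-disarm-and-reconstruction (CDR) pass over an Excel package (example code, not Thales/Votiro)."""
import hashlib
import io
import posixpath
import re
import xml.etree.ElementTree as ET
import zipfile

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
SHEET_NS = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
R_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
MACRO_WORKBOOK_CT = "application/vnd.ms-excel.sheet.macroEnabled.main+xml"
PLAIN_WORKBOOK_CT = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"
# Relationship types that bring code or foreign objects into a workbook. Stripping all of
# them is this example's policy choice, not a rule taken from any product.
ACTIVE_REL_SUFFIXES = ("/vbaProject", "/oleObject", "/externalLink", "/control", "/package")
# Orphaned parts of those kinds (in the zip but referenced by no relationship) are dropped too.
ACTIVE_PART_RE = re.compile(r"^xl/(vbaProject\.bin$|embeddings/|activeX/|externalLinks/)")


def _scrub_rels(xml_bytes, rels_path):
    """Drop active-type relationships; return the new XML and the zip paths they targeted."""
    ET.register_namespace("", RELS_NS)
    root = ET.fromstring(xml_bytes)
    base = rels_path.rsplit("_rels/", 1)[0]  # "xl/_rels/workbook.xml.rels" -> "xl/"
    removed = set()
    for rel in list(root):
        if rel.get("Type", "").endswith(ACTIVE_REL_SUFFIXES):
            target = rel.get("Target", "")
            removed.add(posixpath.normpath(target[1:] if target.startswith("/") else base + target))
            root.remove(rel)
    return ET.tostring(root, xml_declaration=True, encoding="UTF-8"), removed


def _scrub_content_types(xml_bytes, removed_parts):
    """Drop overrides for removed parts and demote a macro-enabled workbook to a plain one."""
    ET.register_namespace("", CT_NS)
    root = ET.fromstring(xml_bytes)
    for entry in list(root):
        if entry.get("PartName", "").lstrip("/") in removed_parts:
            root.remove(entry)
        elif entry.get("ContentType") == MACRO_WORKBOOK_CT:
            entry.set("ContentType", PLAIN_WORKBOOK_CT)
    return ET.tostring(root, xml_declaration=True, encoding="UTF-8")


def sanitize_xlsx(original):
    """Rebuild the package without active content; return (sanitized bytes, report).
    The gateway keeps `original` next to the result so the attempt can be triaged later."""
    src = zipfile.ZipFile(io.BytesIO(original))
    names = src.namelist()
    new_parts, removed = {}, set()
    for name in names:
        if name.endswith(".rels"):
            new_parts[name], targets = _scrub_rels(src.read(name), name)
            removed |= targets
    removed |= {n for n in names if ACTIVE_PART_RE.match(n)}
    new_parts["[Content_Types].xml"] = _scrub_content_types(src.read("[Content_Types].xml"), removed)
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in names:
            if name not in removed:
                dst.writestr(name, new_parts.get(name) or src.read(name))
    sanitized = out.getvalue()
    report = {"original_sha256": hashlib.sha256(original).hexdigest(),  # audit trail for the dashboard
              "sanitized_sha256": hashlib.sha256(sanitized).hexdigest(),
              "removed_parts": sorted(removed)}
    return sanitized, report


def unpack(package):
    """Return {part name: bytes}; a helper for inspecting a package before and after."""
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        return {n: z.read(n) for n in z.namelist()}


def build_sample_xlsm():
    """Constructed macro-enabled workbook carrying only the parts this sanitizer touches: one cell,
    a VBA-project stub and an embedded-object stub. The .bin payloads are placeholder bytes."""
    rel = '<Relationship Id="%s" Type="' + R_NS + '/%s" Target="%s"/>'
    parts = {
        "[Content_Types].xml": f'<Types xmlns="{CT_NS}"><Override PartName="/xl/workbook.xml" ContentType="{MACRO_WORKBOOK_CT}"/>'
            '<Override PartName="/xl/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>'
            '<Override PartName="/xl/embeddings/oleObject1.bin" ContentType="application/vnd.openxmlformats-officedocument.oleObject"/>'
            '<Override PartName="/xl/worksheets/sheet1.xml" ContentType="application/vnd.openxmlformats-officedocument.spreadsheetml.worksheet+xml"/></Types>',
        "xl/_rels/workbook.xml.rels": f'<Relationships xmlns="{RELS_NS}">' + rel % ("rId1", "worksheet", "worksheets/sheet1.xml")
            + rel % ("rId2", "vbaProject", "vbaProject.bin") + "</Relationships>",
        "xl/worksheets/sheet1.xml": f'<worksheet xmlns="{SHEET_NS}"><sheetData><row r="1"><c r="A1" t="inlineStr"><is><t>invoice total</t></is></c></row></sheetData></worksheet>',
        "xl/worksheets/_rels/sheet1.xml.rels": f'<Relationships xmlns="{RELS_NS}">' + rel % ("rId1", "oleObject", "../embeddings/oleObject1.bin") + "</Relationships>",
        "xl/vbaProject.bin": b"CONSTRUCTED-VBA-PLACEHOLDER",
        "xl/embeddings/oleObject1.bin": b"CONSTRUCTED-OLE-PLACEHOLDER",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in parts.items():
            z.writestr(name, data)
    return buf.getvalue()
```

Calling sanitize_xlsx(build_sample_xlsm()) yields a package in which the worksheet cell survives, the VBA project and embedded object are gone, the workbook relationship and content-type entries no longer reference them, and the report lists exactly those two parts. Storing the original bytes under original_sha256 next to the sanitized file is what gives the security team the retained original described above: the attempt can be examined later even though nothing ever ran on the user's machine.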


View Thales and Votiro’s webinar to learn more information about Supply Chain Attacks and how to solve these cybersecurity issues.
