Supply Chain Attacks

A supply chain attack is a type of cyber attack that targets the weakest link in a supply chain to gain unauthorized access to a target’s systems or data. The supply chain refers to the network of organizations and processes involved in producing and delivering a product or service to end-users.

Supply chain attacks are on the rise. The success of a business is undoubtedly linked to its supply chain. Yet, because of this, an organization is only as strong as its weakest link.

According to GAO-18-667T (GAO), reliance on a global supply chain introduces multiple risks to federal information systems. Supply chain threats are present during the various phases of an information system’s development life cycle and could create an unacceptable risk to federal agencies (U.S. government departments and agencies).

These threats can have a range of impacts, including allowing adversaries to take control of systems or decreasing the availability of materials needed to develop systems. These threats can be introduced by exploiting vulnerabilities that could exist at multiple points in the supply chain.

Supply Chain Cybersecurity Vulnerabilities

Examples of such supply chain vulnerabilities include the acquisition of products or parts from unauthorized distributors, inadequate testing of software updates and patches, and incomplete information on IT suppliers. Malicious actors could exploit these vulnerabilities, leading to the loss of the confidentiality, integrity, or availability of federal systems and the information they contain.

Today, organizations have a greater choice of suppliers and have become more reliant on third parties. This, however, also means that the supply chain has become a more complex web of interdependent companies that might not even be aware that they are connected. As a result, it is impossible to cover the entire supply chain. Additionally, technology is becoming an essential tool in the supply chain for all operations. Combined, these factors have precipitated an inadvertent expansion of vulnerabilities within supply chain cybersecurity.

There are various actors who might target an organization’s supply chain, and with that come numerous motives behind an attack: an individual looking to gain financial benefits, or a nation-state or state-sponsored actor seeking to sabotage an adversary by conducting espionage.
In a supply chain attack, it is typically the hardware that is tampered with. Devices can be compromised at any point throughout the supply chain, and a Rogue Device, such as a bad USB device, can be delivered by a supplier to the end user. Moreover, due to the interconnections of the involved organizations, suppliers often have access to a target’s sensitive information.

Supply Chain Attacks

When the target has strong security measures and the attacker finds it nearly impossible to gain an onsite presence, they may find it more attainable to attack a third party with fewer security measures. As mentioned, supply chains are becoming increasingly complex, which makes detecting an attack, and its origin, extremely difficult. In many respects, supply chain attacks represent the “Holy Grail” of hardware-based attacks. Additionally, implants can be microscopic and can easily go unnoticed by the human eye, avoiding any suspicion as to the device’s true intentions.
Sitting on the physical layer, implants are not detected by cybersecurity software solutions either. Furthermore, Spoofed Peripherals might be authorized as a genuine Human Interface Device (HID), thereby not raising any security alarms. Ultimately, there are plentiful benefits that make attacking the supply chain favorable for bad actors.

Manipulation

Attacks on the supply chain commonly involve hardware being intercepted and manipulated. This can include the manipulation of the printed circuit board (PCB), whereby bad actors inject malicious functionality after a reverse engineering process has identified areas in which new capabilities can be added. Additionally, chips can be manipulated in order to carry out an attack. Everyday peripherals can be spoofed to act with malicious intent. In this scenario, the original functionality of the chip will remain intact, while the “additional” functionality may be triggered by an external event (physical, by sending a specific RF signal, or logical, via a certain access to a memory area that usually is nonexistent).
Manipulation can happen at any point throughout the device’s route along the supply chain. The device will be unpackaged, modified, repackaged and put back in transit.

Side Channel Attack

These attacks aim to extract secrets from a chip or system through measurement and analysis of physical parameters. Side channel attacks have proven to be successful in breaking algorithmically robust cryptographic operations, meaning that anything else protected by conventional cryptographic methods is no longer protected.

Fault Attack

These attacks target a physical electronic device, whereby the attacker essentially causes stress to the device through an external means, e.g. incorrect voltage, excessive temperature or signal power interference. The stress generates errors in such a way that it results in a security failure of the system. This failure allows the bad actor to obtain faulty outputs or behaviors for key recovery.

Power Line Attack

Through malware, perpetrators can control the workload of the device’s CPU, and thereby also its power consumption. The emissions conducted on the power cables are measured, and the signal is processed and decoded back into binary information by the attacker. Modulating changes in the current flow allows for passwords, encryption keys and other sensitive information to be stolen by bad actors.

Wireless Implants

To make keyboards, mice and other input devices as easy to connect as possible, computer operating systems accept HIDs as soon as they are plugged in. By exploiting this weakness, attackers have utilized devices that act like HIDs to carry out attacks, since they will be recognized as genuine by the computer. These Rogue Devices look authentic to the human eye, such as a charging cable or a keyboard, and are used by victims without questioning their intent (Juice Jacking). The device incorporates a remote access point that allows the attacker to control the endpoint without ever needing to gain physical access to it, thus making the job easier.
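
A descriptor-level inventory of HID-capable devices, as an added example that is not from the original article or from Sepio: it reads the Linux sysfs USB tree and flags HID interfaces whose IDs are not on an allowlist. The allowlist entry, the finding labels and the function names are assumptions made for illustration.

```python
# Added example, not vendor code: list USB devices that expose a HID interface
# on Linux (sysfs layout) and compare their self-reported IDs with an allowlist.
import os

USB_CLASS_HID = 0x03  # USB-IF class code for Human Interface Devices

# Hypothetical allowlist of approved input devices: (idVendor, idProduct),
# lowercase hex exactly as sysfs prints them.
APPROVED_HID = {("1111", "0001")}

def _read(path):
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:  # attribute absent: not a device entry
        return None

def interface_classes(root, dev):
    """Class codes of every interface of device `dev` (for example '1-2')."""
    classes = set()
    for name in os.listdir(root):
        if name.startswith(dev + ":"):  # interfaces are named <dev>:<cfg>.<n>
            value = _read(os.path.join(root, name, "bInterfaceClass"))
            if value is not None:
                classes.add(int(value, 16))
    return classes

def audit(root="/sys/bus/usb/devices"):
    """Return {device: [findings]} for every device exposing a HID interface."""
    report = {}
    for dev in sorted(os.listdir(root)):
        vid = _read(os.path.join(root, dev, "idVendor"))
        pid = _read(os.path.join(root, dev, "idProduct"))
        if vid is None or pid is None:  # interface entries carry no IDs
            continue
        classes = interface_classes(root, dev)
        if USB_CLASS_HID not in classes:
            continue
        findings = []
        if (vid, pid) not in APPROVED_HID:
            findings.append("hid-not-in-allowlist")
        if classes - {USB_CLASS_HID}:  # review flag only: legitimate combos exist
            findings.append("hid-on-composite-device")
        report[dev] = findings
    return report

if __name__ == "__main__" and os.path.isdir("/sys/bus/usb/devices"):
    for dev, findings in audit().items():
        print(dev, findings or "approved by descriptor")
```

The vendor and product IDs are reported by the device itself, so an empty findings list only means the descriptors match the allowlist, not that the hardware is genuine.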

Spy Chips

These are malicious chips which can access the configurations of the target’s firewall. From here, the firewall settings can be changed to provide the attacker with remote access to the target device, disable its security features and provide access to the device’s log of all the connections it is exposed to. Spy chips are tiny in size, just bigger than a grain of rice, and can easily go unnoticed on a motherboard. The activation of a spy chip can occur in one of two ways: either as a “ticking time bomb”, whereby it automatically activates after a certain period of time, or through “cheat codes”, which activate the chip based on input conditions. As such, a spy chip may be embedded long before it causes any actual damage.

Visibility and Protection for Hardware Assets

IT and security teams often struggle to provide complete and accurate protection of their hardware assets, especially in today’s extremely challenging IT/OT/IoT environment. This is because there is often a lack of device visibility, which leads to weakened policy enforcement of hardware access. This vulnerability may result in security incidents such as ransomware attacks, data leakage, etc. In order to address this challenge, ultimate visibility into your hardware assets is required, regardless of device characteristics and the interface used for connection.

Moreover, malicious actors have adapted to the dynamic cybersecurity defenses deployed to block cyber-attacks by taking advantage of the “blind spots”, mainly through bad USB HID-emulating devices or Physical Layer network implants. These Rogue Devices are covert by nature and go undetected by existing security software solutions, thereby leaving the organization extremely vulnerable.

Sepio’s Platform. See Every Known and Shadow Asset

Sepio’s platform provides a panacea to the gap in device visibility. As the leader in Rogue Device Mitigation, Sepio identifies, detects and handles all peripherals. No device goes unmanaged. Sepio uses Physical Layer fingerprinting technology and Machine Learning to calculate a digital fingerprint from the electrical characteristics of all devices and compares them against known fingerprints.

Sepio is able to provide organizations with ultimate device visibility and detect vulnerable devices and switches within the infrastructure. In addition to the deep visibility layer, a comprehensive policy enforcement mechanism recommends best-practice policies and allows the administrator to define a strict, or more granular, set of rules for the system to enforce. When a device breaches the pre-set policy, Sepio automatically instigates a mitigation process which instantly blocks unapproved or Rogue hardware.



Supply Chain Security E-Book
August 18th, 2020