*** Welcome to piglix ***

Supply chain attack


A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less-secure elements in the supply network. A supply chain attack can occur in any industry, from the financial sector, oil industry or government sector. Cybercriminals typically tamper with the manufacturing process of a product by installing a rootkit or hardware-based spying components.

The recent Target security breach, Eastern European ATM malware, as well as the Stuxnet computer worm are examples of supply chain attacks.

Supply chain management experts recommend strict control of an institution's supply network in order to prevent potential damage from cybercriminals.

A supply chain is a system of activities involved in handling, distributing, manufacturing and processing goods in order to move resources from a vendor into the hands of the final consumer. A supply chain is a complex network of interconnected players governed by supply and demand.

Although supply chain attack is a broad term without a universally agreed upon definition, in reference to cyber-security, a supply chain attack involves physically tampering with electronics (computers, ATMs, power systems, factory data networks) in order to install undetectable malware for the purpose of bringing harm to a player further down the supply chain network.

In a more general sense a supply chain attack may not necessarily involve electronics. In 2010 when burglars gained access to the pharmaceutical giant Eli Lilly's supply warehouse, by drilling a hole in the roof and loading $80 million worth of prescription drugs into a truck, they could also have been said to carry out a supply chain attack. However, this article will discuss cyber attacks on physical supply networks that rely on technology; hence, a supply chain attack is a method used by cyber-criminals.

Generally, supply chain attacks on information systems begin with an advanced persistent threat that determines a member of the supply network with the weakest cyber security in order to affect the target organization. According to an investigation produced by Verizon Enterprise, 92% of the cyber security incidents analyzed in their survey occurred among small firms. According to Dell SecureWorks, by targeting small firms with weak security system controls, highly sophisticated attackers are able to cause serious damage to an organizations’ financial assets and intellectual property through the following process:


...
Wikipedia

...