It’s no secret that cyberattacks are on the rise. Furthermore, the threats posed by hacking and systems exploitation don’t exist in isolation within your own technology platforms. More often than not, it’s easier for attackers to target your downstream suppliers and/or service providers, since you are likely to trust their products and services as being safe and secure. These sorts of attacks are known as supply chain attacks, and there are several modes of attack that threat actors use to disrupt or compromise their targets. Let’s explore those modes of attack to give you an appropriate threat model to help you build resilience into your organisation’s supply chain.
Physical Supply Chain Attacks
On June 9th, 2010, in a remote outpost of the Punjab in Pakistan, the local Taliban militia claimed responsibility for an attack against a truck depot on the outskirts of Islamabad. The attack saw the destruction of 60 trucks, some of which were carrying NATO supplies for troops based in Afghanistan. The motive, in this case, was service disruption. It is evident that the intent was to harm NATO’s capability, since the attackers didn’t try to hijack the convoy; they destroyed the cargo in the hope that their actions would reduce NATO’s capability to engage them in battle in Afghanistan.
In the world of cyber security, physical attacks on the supply chain are also something to be concerned about. Take, for example, the threat of your computer systems being tampered with before they even arrive in your office. It might sound like fiction, but NSA documents released in Glenn Greenwald’s book, No Place to Hide, show how the NSA’s Tailored Access Operations (TAO) unit intercepts computer and networking equipment being shipped to organisations they want under surveillance. There are even pictures of a workshop showing a special “load station”, where NSA engineers implant custom (malicious) firmware onto Cisco networking devices before they are shipped on to their destination.
These are two different modes of physical attack: the first is aimed at disruption and service degradation, while the second is an attack on confidentiality, since the aim there is remote control or data exfiltration. The first is an overt attack, still on the supply chain, while the second is covert and much harder to detect.