Five biggest supply chain compromise attacks of 2022

Egress | 19th Dec 2022

Even if a business’s internal security is up to scratch, there’s always the chance an external company could introduce risk. With so many interconnected players involved, it isn’t easy to control what others are doing – especially when their security might not be as strong as your own.

If a malicious actor gets its claws into a vendor’s network, it can easily affect the businesses the vendor is connected to. This is why understanding the risks involved in aligning your business with any partner is vital for ensuring the safety of your data and finances. Here are some of this year’s biggest attacks highlighting what happens when supply chain security goes wrong.

2022’s biggest supply chain attacks

Toyota

In March this year, vehicle manufacturer Toyota suffered the consequences when a cyber attack hit a major component supplier. Kojima Industries Corp. came under attack from what is suspected of having been a ransomware ambush, although this hasn’t been confirmed. As a result, Toyota was forced to halt all Japan-based manufacturing temporarily. At the time of reporting, this downtime was expected to cause a 5% drop (around 13,000 units) in monthly production within Japan.

Okta

Okta, an IT management services business, had a close call in January when it discovered threat actors had tried to hack an account belonging to a customer support engineer working for a third-party provider. The group responsible was Lapsus$, which aimed to target Okta clients rather than the business itself. Fortunately, the incident only affected a fraction (366) of its clients.

FishPig

In August, extensions developed by FishPig were found to be infected with malware. Attackers could compromise Fishpig’s vendor infrastructure and insert malicious Recoobe malware into the organization’s Magento Security Suite and WordPress Multisite software. Free FishPig extensions remained unaffected, but paid ones were compromised. 

Comm100

Comm100 is a commercial chat provider, and in September, criminals hijacked its live chat software by infiltrating its infrastructure. By modifying the installer, attackers could deploy malware to other businesses that wanted to use the live chat for customer support. How many people were affected is unknown, but despite the briefness of the attack before it was stopped, it affected customers across multiple sectors in Europe and North America.

AccessPress 

The WordPress plugin, AccessPress, suffered a huge supply chain attack in June. Attackers replaced its software with a backdoored version, allowing them to access websites using malicious plugins. Cybercriminals compromised 40 themes and 53 plugins, leaving users vulnerable. Despite the affected themes and plugins being removed or updated, it’s difficult to say how many people were impacted as AccessPress is used across over 360,000 sites.

How to avoid supply chain attacks

To avoid supply chain attacks, it’s important to understand where these threats come from and the steps you can take to prevent them.

Assume the worst

It’s always best to assume that the worst could happen rather than thinking that attacks like these only happen to others. In assuming that a breach can and will happen, your company’s defense strategies are far more likely to remain up-to-date and responsive in the face of a real threat. This mindset also tends to lead to the implementation of a zero trust framework.

Implement a zero trust framework

A zero trust framework assumes that every access request is unauthorized until its credentials are proven. Zero trust combines multiple techniques rather than one technology to reduce damage to the supply chain. Even if a threat actor somewhere along the supply chain manages to get through security, the damage they could cause is limited because even non-threats are only allowed a small amount of access.

Privileged access management

This requires identifying all sensitive data access points to ensure only people and devices who genuinely need to reach them have those permissions. Privileged access should be kept to a minimum because the more you have, the greater the risk. Access given to vendors or other parts of the supply chain, in particular, must be strictly controlled.

Identify insider threats

Many cybersecurity issues are initially caused by human error or miseducation inside an organization. Most of the time, these problems are far from malicious, but simple mistakes can often have serious consequences, which is why proper training is important. Using technology to help identify these threats while also educating employees on what to look out for can stop attacks before they affect the entire organization.

Intelligent email security

Egress Defend can detect supply chain attacks launched from compromised email accounts. It also uses natural language processing to detect suspicious emails and support employees in staying vigilant.

To learn more about putting a stop to these risks, visit our supply chain compromise page today.