Encore: supply chain attacks (noun) [Word Notes]

Bonus - Released Tuesday, 18th June 2024
Episode Transcript

Transcripts are displayed as originally observed. Some content, including advertisements, may have changed.

0:02

You're listening to the CyberWire Network

0:04

powered by N2K. The

0:14

IT world used to be simpler. You

0:17

only had to secure and manage environments

0:19

that you controlled. Then came

0:21

new technologies and new ways to work. Now

0:24

employees, apps and networks are

0:26

everywhere. This means poor

0:28

visibility, security gaps and added risk.

0:31

That's why Cloudflare created the

0:33

first ever Connectivity Cloud. Visit

0:36

cloudflare.com to protect your business

0:39

everywhere you do business. The

0:49

word is supply chain attacks. It's

0:56

spelled supply as in to furnish,

0:59

chain as in a series of objects

1:02

and attacks as in to set upon

1:04

in a hostile or aggressive way. Definition

1:14

also known as a third party attack

1:16

or a value chain attack. Adversary

1:19

groups gain access to a targeted

1:21

victim's network by first infiltrating a

1:23

business partner's network that has access

1:25

to the victim's systems or data.

1:34

Example sentence, supply chain attacks

1:36

expose the following gap in a company's

1:39

cyber defenses. An organization's

1:41

defensive controls are only as strong as

1:43

those of the weakest links in the

1:45

supply chain. Origin

1:52

and context. One

1:54

key step to the intrusion kill

1:56

chain model occurs when cyber adversaries

1:58

seek to compromise an initial endpoint

2:01

in order to establish a beachhead

2:03

somewhere within the victim's network. From

2:06

there, they can conduct follow-on

2:08

operations like privilege escalation, lateral

2:10

movement, or data exfiltration. But

2:13

establishing the beachhead is key. The

2:15

adversaries can either go directly at the victim

2:18

or they can come sideways

2:20

by first compromising a partner's network that

2:22

has access. One of the

2:24

first known supply chain attacks was the

2:26

breach of the Target retail chain in

2:29

2014. The attackers first

2:31

compromised Target's HVAC vendor Fazio

2:33

Mechanical Services and used

2:35

their accounts to legitimately log into the

2:38

target's infrastructure. The attackers

2:40

were able to steal personal

2:42

identifiable information or PII and

2:44

financial information impacting 70 million

2:47

customers and 40 million debit and

2:49

credit cards. The Solar

2:51

Storm adversary campaign is a recent

2:54

supply chain attack where the hackers

2:56

compromised the software update mechanism of

2:58

the SolarWinds Orion network management platform.

3:00

18,000 SolarWinds

3:03

customers legitimately downloaded the software that

3:05

contained the backdoor code that allowed

3:07

the adversary group UNC-2452 to use

3:10

it as a beachhead. Nerd

3:18

Reference. According to David Sanger, in

3:21

his 2018 Cybersecurity

3:23

Canon Hall of Fame book, The

3:25

Perfect Weapon: War, Sabotage, and Fear

3:27

in the Cyber Age, President

3:29

Bush authorized a Solar Storm-styled

3:32

attack campaign, code named Operation

3:34

Quantum, against the Chinese

3:36

firm Huawei. Huawei is

3:38

a multinational technology company headquartered

3:40

in Shenzhen, China, that

3:43

designs, develops, and sells telecommunications

3:45

equipment and consumer electronics worldwide.

3:48

The U.S. designed Operation Quantum

3:50

to be a multi-pronged cyber

3:52

operation to, quote, bore a way

3:54

deep into Huawei's hermetically sealed

3:56

headquarters, crawl through the company's

3:58

networks, understand its vulnerabilities

4:00

and tap the communications of its

4:02

top executives. They wanted

4:04

to exploit Huawei's technology so that

4:06

when the company sold equipment to

4:09

other countries, including allies like South

4:11

Korea and adversaries like Venezuela, the

4:13

NSA could roam through those networks

4:15

unimposed." Attention

4:33

all security professionals. Want

4:35

real-time IP intelligence at your fingertips?

4:38

Sign up for Scout Insights free

4:40

trial today. Get immediate

4:43

insights into threats. Search any

4:45

IP with no training required

4:47

and enjoy intuitive graphical results.

4:49

Whether you need to identify

4:51

compromised hosts or enrich Splunk

4:53

queries, Scout Insight has you

4:55

covered. Don't wait. Accelerate

4:58

your threat response now. Visit

5:01

teamkumri.com/ cyberwire to

5:03

start your free trial.
