Episode Transcript
0:02
You're listening to the CyberWire Network
0:04
powered by N2K. The
0:14
IT world used to be simpler. You
0:17
only had to secure and manage environments
0:19
that you controlled. Then came
0:21
new technologies and new ways to work. Now
0:24
employees, apps and networks are
0:26
everywhere. This means poor
0:28
visibility, security gaps and added risk.
0:31
That's why Cloudflare created the
0:33
first ever Connectivity Cloud. Visit
0:36
cloudflare.com to protect your business
0:39
everywhere you do business. The
0:49
word is supply chain attacks. It's
0:56
spelled supply as in to furnish,
0:59
chain as in a series of objects
1:02
and attacks as in to set upon
1:04
in a hostile or aggressive way. Definition.
1:14
Also known as a third-party attack
1:16
or a value chain attack. Adversary
1:19
groups gain access to a targeted
1:21
victim's network by first infiltrating a
1:23
business partner's network that has access
1:25
to the victim's systems or data.
1:34
Example sentence, supply chain attacks
1:36
expose the following gap in a company's
1:39
cyber defenses. An organization's
1:41
defensive controls are only as strong as
1:43
those of the weakest links in the
1:45
supply chain. Origin
1:52
and context. One
1:54
key step to the intrusion kill
1:56
chain model occurs when cyber adversaries
1:58
seek to compromise an initial endpoint
2:01
in order to establish a beachhead
2:03
somewhere within the victim's network. From
2:06
there, they can conduct follow-on
2:08
operations like privilege escalation, lateral
2:10
movement, or data exfiltration. But
2:13
establishing the beachhead is key. The
2:15
adversaries can either go directly at the victim
2:18
or they can come sideways
2:20
by first compromising a partner's network that
2:22
has access. One of the
2:24
first known supply chain attacks was the
2:26
breach of the Target retail chain in
2:29
2014. The attackers first
2:31
compromised Target's HVAC vendor Fazio
2:33
Mechanical Services and used
2:35
their accounts to legitimately log into the
2:38
target's infrastructure. The attackers
2:40
were able to steal personal
2:42
identifiable information or PII and
2:44
financial information impacting 70 million
2:47
customers and 40 million debit and
2:49
credit cards. The Solar
2:51
Storm adversary campaign is a recent
2:54
supply chain attack where the hackers
2:56
compromised the software update mechanism of
2:58
the SolarWinds Orion network management platform.
3:00
18,000 SolarWinds
3:03
customers legitimately downloaded the software that
3:05
contained the backdoor code that allowed
3:07
the adversary group UNC-2452 to use
3:10
it as a beachhead. Nerd
3:18
Reference. According to David Sanger, in
3:21
his 2018 Cybersecurity
3:23
Canon Hall of Fame book, The
3:25
Perfect Weapon: War, Sabotage, and Fear
3:27
in the Cyber Age, President
3:29
Bush authorized a Solar Storm-styled
3:32
attack campaign, code named Operation
3:34
Quantum, against the Chinese
3:36
firm Huawei. Huawei is
3:38
a multinational technology company headquartered
3:40
in Shenzhen, China, that
3:43
designs, develops, and sells telecommunications
3:45
equipment and consumer electronics worldwide.
3:48
The U.S. designed Operation Quantum
3:50
to be a multi-pronged cyber
3:52
operation to, quote, "bore away
3:54
deep into Huawei's hermetically sealed
3:56
headquarters, crawl through the company's
3:58
networks, understand its vulnerabilities
4:00
and tap the communications of its
4:02
top executives. They wanted
4:04
to exploit Huawei's technology so that
4:06
when the company sold equipment to
4:09
other countries, including allies like South
4:11
Korea and adversaries like Venezuela, the
4:13
NSA could roam through those networks
4:15
unimposed." Attention
4:33
all security professionals. Want
4:35
real-time IP intelligence at your fingertips?
4:38
Sign up for Scout Insights free
4:40
trial today. Get immediate
4:43
insights into threats. Search any
4:45
IP with no training required
4:47
and enjoy intuitive graphical results.
4:49
Whether you need to identify
4:51
compromised hosts or enrich Splunk
4:53
queries, Scout Insight has you
4:55
covered. Don't wait. Accelerate
4:58
your threat response now. Visit
5:01
teamkumri.com/cyberwire to
5:03
start your free trial.