How many of us stop to think about updating software we use every day? Do you think "maybe I should check for threats on this before I install it?" Or do you wait for it to automatically update? For many of us, we don't consider the security of the everyday software we use. This is often due to a false sense of security, trusting the software vendor, or an assumption that the software is safe due the nature of the product or its intended use. I'm not talking about key application software used by the business; I'm talking about a small application we use on a desktop or laptop to support our work on a daily basis. What's the likelihood the next software update could include malicious content such as a backdoor or Trojan? Unfortunately, attackers are increasingly leveraging this vector to gain access to organizations, we call it a software supply chain attack.
A software supply chain attack is when an attacker gains access to a legitimate software vendor and then compromises either the software or update repository. This is done with the intention of installing a backdoor, or other malicious code, into the legitimate software update provided by the vendor. As users update their software, unwittingly falling victim to the Trojanized update, they also install the embedded malicious code.
Most software supply chain attacks go undetected by security solutions, making it an ideal way for threat actors to gain access to even the most security-focused organizations. Software supply chain attacks are highly effective because they allow the attackers to target a large number of users and organizations with a single attack. In some cases, depending on the software compromised, attackers can target users with the highest level of access in an organization, users with escalated privileges, making them a prime target as the threat actors establish a foothold into the organization with the "keys to the kingdom". Leveraging these kinds of attacks also allows threat groups to target specific industries, by compromising common software used across a particular vertical. Lastly, supply chain attacks provide longevity due to their stealth nature, yielding a high rate of return given the software they are able to compromise.
For more information on how to combat this kind of attack with the RSA NetWitness® Platform, please visit our booth at the RSA Conference 2017.