Supply Chain Attacks

Published by Nick on

As more and more organizations secure their users, networks, and systems, attackers are finding more creative ways to access sensitive data. The supply chain attack in cyber security is one of these methods; it’s affecting not only organizations but average users as well. In a supply chain attack, cyber criminals hack third-party vendors or service providers, thereby accessing your data through that third party. Three types of supply chain attacks are formjacking, third-party server compromise and hacked software updates.

Making a Simple Credit Card Validation Form - Tutorialzine

1. Formjacking is something you should be aware of if you make online purchases. Cyber criminals have developed methods to steal your credit card information after you enter it on a website. They inject malicious JavaScript code that sends them all the information you input. The only prevention for this is for website owners to better monitor their sites for unusual activity. For the consumers that shop online, monitor your bank statements for purchases you did not make.

Microsoft servers being hacked 'faster than anyone can count': Report - The Statesman

2.Third-party server compromise involves cyberattacks on outside vendors. For most organizations that have complex IT systems, working with third-party vendors can serve a great advantage. Vendors can offer a service that ends up being cheaper than personnel and training required to spin up that service in-house. When a vendor provides an IT service, they usually need to put a server on your network or have your network communicate with their server in the cloud. Cyber criminals will target the vendor’s servers to gain a point of entry into an organization’s network. When working with a third party in this capacity, it’s very important to audit their security posture and confirm they are protecting against these types of attacks.

How To Set Up Automatic Microsoft Software Updates On Your Windows 10 PC

3. Hacked software updates occur when cyber criminals exploit third-party servers by adding malicious code to their software updates. In the last year, Dell and Asus both had applications compromised that delivered malicious software updates. Fortunately, the cyber security community exposed these threats and both Dell and ASUS provided fixes for the problems. The best way to stay secure in these types of attacks is to pay attention to recent security news and have a good understanding of the software you use.

Supply chain attacks are just one new method cyber criminals are using to compromise systems. As the systems become more secure, criminals will find more creative ways in. Technology provides us with many conveniences, including increased productivity. However, with that benefit comes a dark side. The best way to combat the negative side of technology is to continue learning how to use it and secure it correctly. By being a lifelong learner and educating yourself about the tools you use, you’re better equipped to prevent such attacks and protect your information.

Categories: Cybersecurity

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

Related Posts

Cybersecurity

Administrator- Hackthebox lab

This lab came with Active Directory creds to simulate an assumed breach assessment. I started by checking the credentials with Netexec to confirm they worked. Next I ran Bloodhound-ce-python to collect Active Directory data for Read more

Cybersecurity

Support- Hackthebox lab

I started with an nmap scan for all TCP ports and the top UDP ports. This one looks like an Active Directory Domain Controller. Added target hostnames to /etc/hosts Looking through the SMB shares, I Read more

Cybersecurity

ServMon- Hackthebox lab

This box took a ton of troubleshooting and resets for the privilege escalation. The web server kept crashing but after many attempts, I finally got it finished. I start things off with a port scan Read more