Global supply chain attacks are on the rise and hackers are growing ever more sophisticated, and a recent software supply chain attack likely originating in North Korea proves that point. Last week, researchers from a cybersecurity firm revealed that a trojanized software impacted five different organizations in the United States and Europe. The first attack hit enterprise phone company 3CX, but since then, the cybersecurity team discovered it also struck two financial services companies, and two organizations in the energy sector. The specific target of the attacks is software supply chain via malware installed by the hackers. As a result, many of the software’s customers inadvertently downloaded malicious versions of the software. Researchers speculate that the attack was financially motivated.
Other common supply chain attacks work by placing a keylogger on USB drives. As staff members long onto devices, the keylogger captures passwords to accounts and then gets to work. As cyberattacks increase in frequency and complexity, it’s important to stay vigilant in your efforts to protect your company’s systems.
Preventing supply chain attacks
- Diligently assessing all your software vendors. Check in on their security measures and make sure they meet your own high standards.
- Work with your IT team to analyze security measures both within your operations and with your partner’s operations.
- Use firewalls to filter traffic that may enter your network and devices.
- Ensure your operating systems and software is always updated to the latest versions.
- Regularly monitor for intrusion.
No company is immune from the potential of a software supply chain hack, but staying vigilant can go a long way to protect your business.