Supply Chain Attacks (SCAs) aren’t new. However, they’re becoming more sophisticated, and increasingly affecting public safety organizations. With enterprise companies investing more in their cybersecurity defenses, threat actors are using different attack vectors to disrupt and compromise vendors throughout the supply chain to reach their ultimate targets.
With SCAs representing a larger potential threat than ever before, public safety organizations need to be prepared. To help agencies better understand these attacks and who (or what) is behind them, the Motorola Solutions Threat Intelligence team recently published Cyber Threats to Public Safety: Supply Chain, the latest report in our 2021 series. Here are some highlights from the report.
How Supply Chain Attacks Work
There are two types of SCAs: hardware and software. Threat actors can target hardware, but more commonly, they target the software of a vendor within the supply chain. Once an attacker inserts malicious code into an unsuspecting organization’s firmware or software, they can even gain access to sign-in credentials used to approve tampered software for distribution.
Over time, supply chains have become more attractive to cyber attackers because of their complexity and the variety of vendors within them. For example, a supply chain attack can create and exploit a vulnerability within a software system to negatively impact consumers of a product or service. Once an attacker gets access to that system, they can replace or change code or insert malicious code to ingrain malware within it.
Given that level of pre-existing access, cyber criminals can then install malware at any stage of the supply chain. Once the threat actor completes this process, downstream software companies can unknowingly send malware via updates to their customers’ software deployments, enabling threat actors to reach organizations far larger than their original target.
Public safety organizations are expanding their technological capabilities to meet constituent demands and adopting innovations that can better help support their mission. As a result, they’re becoming far more reliant on third-party vendors. This reliance comes with an increased concern for the security of sensitive internal information and critical infrastructure availability.
Threat actors typically target small, third-party vendors that are linked to large, security-conscious organizations. Attackers see these smaller vendors as potential weak links that are more vulnerable. When evaluating hardware and software vendors, it’s important to make sure they value cybersecurity and understand the impact of SCAs on public safety.
Threat actors have many different motives for conducting SCAs, including monetary extortion, political activism and corporate data theft. Regardless of their motives, though, these threat actors pose a serious danger to public safety organizations and their mission-critical operations.
Recent SCAs and Their Impact
While SCAs are not a new phenomenon — the first was reported in 1984 — they’re becoming increasingly common and complex, just like other cyber threats. In 2018, a large supply chain attack targeted hardware. This happened when state-backed operatives placed microchips into products sold by a computer manufacturing company. The manufacturer delivered compromised computers to customers. As a result, threat actors were able to steal valuable information from global companies and government organizations using these computers.
Software SCAs are more common and have the ability to impact thousands of end users. One of the most infamous in recent history is the SolarWinds attack, in which threat actors injected malicious code into SolarWinds’ IT tool. As a result, nation-state actors acquired access to thousands of company and government networks and systems, and extracted data from hundreds of thousands of end users.
Despite the fact that a single company was initially targeted, that infiltration gave threat actors the ability to invade multiple points in the supply chain, compromising far more organizations and individuals. The 2021 Presidential Executive Order, signed by President Biden, acknowledged the danger of SCAs, and emphasized how important it is to protect against them and set policies on how to avoid them in the future.
Public Safety Risks and Mitigations
Public safety can’t ignore the risks of SCAs. Organizations must manage supply chain security and trust to identify potential weaknesses in their vendors. Even though supply chains are complex and intertwined, organizations should regularly document their suppliers and service providers to track their connections and business partnerships. With this documentation, monitoring supply chain risks and threats can reduce some of the pressure. Working with trusted vendors that value cybersecurity is an important first step in protecting your organization and mitigating the risks of SCAs.
Cyber criminals are determined, but your organization can defend against threats and SCAs by taking proactive measures to protect your systems and networks. In addition, Motorola Solutions can help you defend against them with a robust incident response plan and 24/7 managed detection and response.
Download Cyber Threats to Public Safety: Supply Chain now to read the full report.