Supply chain attack

A __supply chain attack__ is a cyber-attack that seeks to damage an organization by targeting less-secure elements in the supply chain.

A basic diagram of a supply chain network, which shows how goods are moved from the raw materials stage to being acquired by the end consumer - wikimedia

A supply chain attack can occur in any industry, from the financial sector to the oil industry or government sector. Cybercriminals typically tamper with the manufacturing process of a product by installing a rootkit or hardware-based spying components.

An Internet Security Threat Report, powered by Symantec, states that supply chain attacks continue to be a feature of the threat landscape, with an increase of 78 percent in 2018 - wikipedia

The Target security breach, Eastern European ATM malware, as well as the Stuxnet computer worm are examples of supply chain attacks.

Supply chain management experts recommend strict control of an institution's supply network in order to prevent potential damage from cybercriminals.

# Overview

A supply chain is a system of activities involved in handling, distributing, manufacturing and processing goods in order to move resources from a vendor into the hands of the final consumer. A supply chain is a complex network of interconnected players governed by supply and demand - wikipedia

Although "supply chain attack" is a broad term without a universally agreed-upon definition, in reference to cyber-security, a supply chain attack involves physically tampering with electronics (computers, ATMs, power systems, factory data networks) in order to install undetectable malware for the purpose of bringing harm to a player further down the supply chain network.

In a more general sense, a supply chain attack may not necessarily involve electronics. In 2010, burglars gained access to the supply warehouse of the pharmaceutical giant Eli Lilly and Company by drilling a hole in the roof, and loaded $80 million worth of prescription drugs into a truck; they could also be said to have carried out a supply chain attack. However, this article discusses cyber attacks on physical supply networks that rely on technology; hence, a supply chain attack is a method used in computer crime.

# See also

Ben Smith gave a talk at Aloha Ruby Conference in 2012 entitled Hacking with Gems. The talk includes several examples of abusing Ruby gems for malicious purposes. It was an early warning about software supply chain attacks, which have since occurred in real life. youtube

Microsoft Discovers Supply Chain Attack at Unnamed Maker of PDF Software.