Supply Chain Attack

Definition:

A supply chain attack targets an organization by compromising its suppliers or partners, using them as a vector to infiltrate the organization. This type of attack can affect hardware, software, or services.

Use Cases:

• Used by attackers to insert malware into software updates or hardware components provided by a trusted supplier.
• Employed in large-scale attacks on critical infrastructure, where compromise of a single supplier can affect multiple organizations.
  
  

Related Terms:

• Third-Party Risk
• Malware
• Backdoor
• Trojan Horse
  
  

Questions and Answers:

• What is the impact of a supply chain attack?
  A supply chain attack can compromise not only the target organization but also its customers, partners, and other interconnected entities, leading to widespread damage.
  
  
• How can organizations defend against supply chain attacks?
  Organizations can mitigate the risk by thoroughly vetting their suppliers, implementing security controls for third-party vendors, and monitoring for suspicious activity.
  
  
• What are examples of supply chain attacks?
  Notable examples include the SolarWinds attack, where malware was introduced through a software update, and attacks on hardware manufacturers that compromised devices before they reached customers.