Supply Chain Attack

Definition:

A supply chain attack targets an organization by compromising its suppliers or partners, using them as a vector to infiltrate the organization. This type of attack can affect hardware, software, or services.

Use Cases:

  • Used by attackers to insert malware into software updates or hardware components provided by a trusted supplier.
  • Employed in large-scale attacks on critical infrastructure, where compromise of a single supplier can affect multiple organizations.

Related Terms:

Questions and Answers:

  • What is the impact of a supply chain attack?
    A supply chain attack can compromise not only the target organization but also its customers, partners, and other interconnected entities, leading to widespread damage.

  • How can organizations defend against supply chain attacks?
    Organizations can mitigate the risk by thoroughly vetting their suppliers, implementing security controls for third-party vendors, and monitoring for suspicious activity.

  • What are examples of supply chain attacks?
    Notable examples include the SolarWinds attack, where malware was introduced through a software update, and attacks on hardware manufacturers that compromised devices before they reached customers.
Sidebar