Supply Chain Attack
Definition:
A supply chain attack targets an organization by compromising its suppliers or partners, using them as a vector to infiltrate the organization. This type of attack can affect hardware, software, or services.
Use Cases:
- Used by attackers to insert malware into software updates or hardware components provided by a trusted supplier.
- Employed in large-scale attacks on critical infrastructure, where compromise of a single supplier can affect multiple organizations.
Related Terms:
- Third-Party Risk
- Malware
- Backdoor
- Trojan Horse
Questions and Answers:
- What is the impact of a supply chain attack?
A supply chain attack can compromise not only the target organization but also its customers, partners, and other interconnected entities, leading to widespread damage. - How can organizations defend against supply chain attacks?
Organizations can mitigate the risk by thoroughly vetting their suppliers, implementing security controls for third-party vendors, and monitoring for suspicious activity. - What are examples of supply chain attacks?
Notable examples include the SolarWinds attack, where malware was introduced through a software update, and attacks on hardware manufacturers that compromised devices before they reached customers.