Definition:
A supply chain attack targets an organization by compromising its suppliers or partners, using them as a vector to infiltrate the organization. This type of attack can affect hardware, software, or services.
Use Cases:
- Used by attackers to insert malware into software updates or hardware components provided by a trusted supplier.
- Employed in large-scale attacks on critical infrastructure, where compromise of a single supplier can affect multiple organizations.
Related Terms:
Questions and Answers:
- What is the impact of a supply chain attack?
A supply chain attack can compromise not only the target organization but also its customers, partners, and other interconnected entities, leading to widespread damage.
- How can organizations defend against supply chain attacks?
Organizations can mitigate the risk by thoroughly vetting their suppliers, implementing security controls for third-party vendors, and monitoring for suspicious activity.
- What are examples of supply chain attacks?
Notable examples include the SolarWinds attack, where malware was introduced through a software update, and attacks on hardware manufacturers that compromised devices before they reached customers.