A supply chain attack is a tactic used by hackers to compromise third-party suppliers to major corporations, governments and organizations to gain valuable information.
Supply chain attacks are increasingly prominent, with the latest high-profile Solar Winds attack in the United States in 2020. In this example, hackers (widely believed to be Russian) compromised a software provider used by Fortune 500 companies, government agencies, and many more organizations. By attacking Solar Winds, the hackers could indirectly attack all of these entities indirectly.
By using a trojan horse update, the hackers gained access to a vast amount of sensitive and possibly top-secret information held by branches of the military, the state department, and the pentagon. The extent of the breach is still unknown and many estimate that it will take more than a year to recover and fully remove any threat of lingering surveillance.
The Solar Winds example is a classic case of how devastating a supply chain attack can be. Since so many modern operations rely on software and services from third-party suppliers like cybersecurity firms, it is increasingly difficult to keep systems safe. Supply chain attacks go beyond cybercrime and begin to enter the arena of cyber warfare. In the coming years, supply chain attacks could be used for extortion, surveillance and to gain control over sensitive networks.