Supply chain attacks
Supply chain attacks are an emerging threats that target software developers and suppliers. The goal is to access source codes, build processes, or update mechanisms by infecting legitimate apps to distribute malware.
How supply chain attacks work
Attackers hunt for unsecure network protocols, unprotected server infrastructures, and unsafe coding practices. They break in, change source codes, and hide malware in build and update processes.
Because software is built and released by trusted vendors, these apps and updates are signed and certified. In software supply chain attacks, vendors are likely unaware that their apps or updates are infected with malicious code when they're released to the public. The malicious code then runs with the same trust and permissions as the app.
The number of potential victims is significant, given the popularity of some apps. A case occurred where a free file compression app was poisoned and deployed to customers in a country/region where it was the top utility app.
Types of supply chain attacks
Compromised software building tools or updated infrastructure
Stolen code-sign certificates or signed malicious apps using the identity of dev company
Compromised specialized code shipped into hardware or firmware components
Pre-installed malware on devices (cameras, USB, phones, etc.)
To learn more about supply chain attacks, read this blog post called attack inception: compromised supply chain within a supply chain poses new risks.
How to protect against supply chain attacks
Deploy strong code integrity policies to allow only authorized apps to run.
Use endpoint detection and response solutions that can automatically detect and remediate suspicious activities.
For software vendors and developers
Maintain a highly secure build and update infrastructure.
- Immediately apply security patches for OS and software.
- Implement mandatory integrity controls to ensure only trusted tools run.
- Require multi-factor authentication for admins.
Build secure software updaters as part of the software development lifecycle.
- Require SSL for update channels and implement certificate pinning.
- Sign everything, including configuration files, scripts, XML files, and packages.
- Check for digital signatures, and don't let the software updater accept generic input and commands.
Develop an incident response process for supply chain attacks.
- Disclose supply chain incidents and notify customers with accurate and timely information
For more general tips on protecting your systems and devices, see prevent malware infection.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for