We've already introduced some details of the current situation with supply chain attacks, as well as fundamental practices that help fight these ever-growing attacks. Here, our team would like to show real scenarios and examples of supply chain attacks in 2021 and before.

Increase in Supply Chain Attacks 2021

Evolving Supply Chain Attacks

Every year, the cyber world reports an increased number of supply chain attacks affecting both low-profile and high-profile organizations. 2021 isn't over yet, but it has already beaten the previous record by 4X-6X, according to different sources investigating supply chain attacks all over the world. Only ransomware keeps supply chain attacks from taking first place in the rating of the most widespread and evolving cyber attacks of today's world.

The very idea of supply chain attacks, which is to target the weakest members of the victim's supply chain, is so effective that malicious actors probably won't stop using this working scheme. In other words, even the most advanced, up-to-date cyber security architecture won't save your business if your supply chain has at least one weak link. The only hope lies in promoting cyber security awareness in the business sector and in thoroughly investigating the supply chain's members as a whole. As for the latter, you can face many problems, as checking your supplier's suppliers' suppliers can be almost impossible.

Meanwhile, if you look for the cheapest supply offers, you are more likely to come closer to a supply chain attack scenario. On the other hand, high costs aren't a 100% guarantee of proper supply chain cyber security. The only thing you may be relatively certain about is that you shouldn't trust any supplier, and the threat may come from anywhere. However, you can be prepared and utilize professional analytical tools. Cyber security as a priority for all members of supply chains seems a more hopeful path, and the world is slowly moving toward it. Otherwise, we're about to see sky-high increases in supply chain attacks not every year but every month.

Supply Chain Attacks: Real Examples

The most famous examples of supply chain attacks include the Target (one of the biggest US retailers) breach (2013), the Stuxnet computer worm, the Eastern European ATM malware (2014), NotPetya / M.E.Doc (2017; in Ukraine), the Equifax (a leading global data, analytics, and technology company) attack (2017), British Airways (2018), SolarWinds (2020), Microsoft Exchange Server (2021), and this year's multiple ransomware supply chain attacks, such as the one on Colonial Pipeline, the largest US pipeline system, responsible for the gas supply on the East Coast.

Supply Chain Attack Examples

Typical supply chain attacks fall into these common types:

  • compromise of a third-party software update - as with the SolarWinds attack;
  • leakage of login credentials - Target is an example here;
  • valid applications with malicious code injected.

Software Supply Chain Attack Scenario

There are various types of supply chain attack scenarios. Let's have a closer look at a common software supply chain attack.

  • Hackers analyze which open-source product(s) their targeted enterprise utilizes, or examine the open-source ecosystem for potential victims.
  • They hack a weak developer's account.
  • The compromised account allows the malicious actors to immediately attack their victim or install a backdoor.
  • Once the necessary action, such as installing updates, is performed, you're on their hook.

One more thing to add: in 2021, this type of supply chain attack soared by 6+ (!) times.
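
On the defending side, the last step of the scenario above (installing updates) is where a consumer can still stop the chain: an update is installed only if it matches a version and hash that were reviewed and pinned earlier. The sketch below is an added example, not code from the original article; the package names, versions and file contents are constructed, and `check_update` and `gate` are hypothetical helper names.

```python
import hashlib
import hmac

# Constructed sample lockfile: name -> (reviewed version, SHA-256 of the reviewed artifact).
PINNED = {
    "leftlib": ("1.4.2", hashlib.sha256(b"leftlib 1.4.2 release").hexdigest()),
    "netutil": ("0.9.0", hashlib.sha256(b"netutil 0.9.0 release").hexdigest()),
}

def check_update(name, version, artifact, pinned=PINNED):
    """Return (allowed, reason) for one artifact that is about to be installed."""
    if name not in pinned:
        return False, "unpinned dependency: needs review before first install"
    pinned_version, pinned_hash = pinned[name]
    if version != pinned_version:
        return False, f"version {version} differs from pinned {pinned_version}: review and re-pin"
    digest = hashlib.sha256(artifact).hexdigest()
    if not hmac.compare_digest(digest, pinned_hash):
        # Same version number, different bytes: the published artifact changed after review.
        return False, "hash mismatch for a pinned version: artifact was replaced upstream"
    return True, "matches pinned version and hash"

def gate(candidates, pinned=PINNED):
    """Check every candidate and return the blocked ones as (name, reason) pairs."""
    blocked = []
    for name, version, artifact in candidates:
        allowed, reason = check_update(name, version, artifact, pinned)
        if not allowed:
            blocked.append((name, reason))
    return blocked

# Constructed candidates, as a dependency resolver might fetch them during an update.
CANDIDATES = [
    ("leftlib", "1.4.2", b"leftlib 1.4.2 release"),             # unchanged since review
    ("netutil", "0.9.0", b"netutil 0.9.0 release (modified)"),  # same version, new bytes
    ("leftlib-helper", "0.0.1", b"new transitive dependency"),  # never reviewed
]

if __name__ == "__main__":
    for name, reason in gate(CANDIDATES):
        print(f"BLOCK {name}: {reason}")
```

A blocked entry is a prompt for human review of the new release, not proof of compromise; the pin is only as trustworthy as the review that produced it.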
