Data leaks
7
mins read

Top 5 famous software supply chain attacks in 2023

Explore the critical nature of supply chain cyber attacks and learn how to fortify your defenses against this growing threat in 2023.

Karamveer Singh Sidhu
November 24, 2023
Green Alert
Last Update posted on
February 3, 2024
Make sure there's no weak link in your supply chain.

2023 was marked by a rise in supply chain attacks. Ensure robust protection across your software supply chain with CloudSEK SVigil.

Schedule a Demo
Table of Contents
Author(s)
Coauthors image
Anjana Sathyan

In today's interconnected digital landscape, imagine your company as a fortress. You've fortified every wall, yet a leaky moat in your neighbor's castle—your supply chain—poses a hidden danger. This is the stark reality of supply chain cyber attacks, a growing concern for organizations worldwide. Even with robust internal security measures, your network remains vulnerable if your suppliers, vendors, or third-party software libraries are compromised.

What is a Supply chain attack?

Imagine a car manufacturing company. The company has various third party suppliers that it relies on to get different equipment like tires, glass, material for the body kit, etc. Now suppose that one of the suppliers is hacked and the hackers got access to the company’s design secrets and manufacturing processes. This is a simple example of a supply chain attack.

A supply chain attack occurs when cybercriminals target a weaker link in a company's supply chain network. This could be a supplier, vendor, a customer or a third party software library that the company is dependent upon. Consider a car manufacturer that relies on various third-party suppliers for components like tires, glass, and body kits. If one of these suppliers falls victim to a cyber attack, it could lead to the theft of crucial design secrets and manufacturing processes. Such incidents highlight the vulnerability of companies to cyber threats in their supply chain.

Gartner 2023 Supply Chain Risk Management Survey Report states that "supply chain attacks are on the rise, with 63% of respondents reporting that their organization has experienced a supply chain attack in the past year.

This clearly indicates the concerns that an organization must have with their supply chain elements. 

Below mentioned are, some of the significant supply chain attacks that took place in 2023:-

1. University of California San Francisco (UCSF)Supply Chain Attack

Imagine a doctor not being able to operate because of him not being able to operate a system. Sounds scary right? This is what happened at the UCSF in February, where the hospital's electronic health record (EHR) system was unavailable for several days. Without access to the EHR system, UCSF clinicians were unable to access patient medical records or schedule surgeries. This resulted in the cancellation or postponement of several surgeries.

The attackers executed the attack by exploiting a vulnerability in Codecov, a popular code testing software that Zellis, a clinical trial software company uses to test its software for vulnerabilities. UCSF was using Zellis and hence, was affected. 

The attackers were able to steal the personal information of clinical trial participants from Zellis's systems out of which some of the information was published online. 


2. Airbus Supply Chain Attack

Airbus was also affected by a supply chain attack in January 2023, carried out by a threat actor known as USDoD.

Airbus confirmed that the attack had been carried out through a compromised employee account at Turkish Airlines, one of Airbus's customers. The threat actor was able to access the employee's account and gain access to Airbus's systems.

The breached data included personal information associated with over 3,000 Airbus vendors, such as Rockwell Collins and Thales Group. The data dump included names, addresses, phone numbers, and email addresses.

3. Norton Supply Chain Attack

Norton is a company that offers products and services that help in safeguarding digital security, identity protection and online privacy. The most notable software is the Norton Antivirus which is a widely used Antivirus software. Contrarily, they were also affected by a supply chain attack in May. 

The attack exploited a zero-day vulnerability in MOVEit Transfer, a managed file transfer (MFT) software that Norton's parent company, Gen Digital, uses to transfer files between its offices and customers.

The attackers were able to gain access to Norton's network and steal the personal information of employees, including names, addresses, birth dates, and business email addresses. The attackers also threatened to release the stolen data if Norton did not pay a ransom.

4. Colonial Pipeline Cyber attack

The Colonial Pipeline is the largest pipeline system for refined oil products in the United States. In March, it was also affected by a supply-chain attack. 

The attack exploited a remote code execution (RCE) vulnerability in PulseConnect Secure, a VPN software program used by Colonial Pipeline to monitor its pipeline operations.The attackers were able to gain access to Colonial Pipeline’s network and encrypt its systems.

The attack made it impossible for Colonial Pipeline to operate its pipeline. Colonial Pipeline was forced to shut down its pipeline for five days. This caused a gasoline shortage in the Southeastern United States. Colonial Pipeline paid a ransom of $4.4 million to the attackers in order to regain access to its systems.

Also read Kaseya VSA Supply Chain Ransomware Incident

5. Microsoft Supply Chain Attack

Almost everyone who uses computers knows what Microsoft is and must have used Windows at least once in their lives. Microsoft was also affected by a software supply chain attack in February 2023. 

The attack exploited a vulnerability in Jfrog Artifactory, a binary repository manager that Microsoft uses to store and distribute its software components. The attackers were able to gain access to Jfrog Artifactory and inject malicious code into some of Microsoft's software components. This allowed the attackers to gain access to Microsoft's networks and steal source code and other confidential information.

The above incidents show how important it is to take measures in order to prevent a supply chain attack. Here are some specific steps that businesses can take to protect themselves:-

  • Implement a software supply chain security program. This program should include steps for identifying and assessing risks, implementing security controls, monitoring supply chains, and responding to incidents.
  • Choose your vendors carefully. Research their security practices and make sure they have a good reputation.
  • Keep your software up to date. Software updates often include security patches that can help protect you from known vulnerabilities.
  • Educate your employees about cybersecurity. Make sure they know how to identify and report suspicious activity.
  • Use software composition analysis (SCA) tools. SCA tools can help you identify the third-party components that are used in your software and to assess the security risks associated with those components.
  • Have a plan in place for responding to a cyber attack. This plan should include steps for containing the attack, investigating the incident, and notifying affected customers and partners.

By learning from the past, businesses can better prepare themselves to defend against software supply chain attacks in the future.

CloudSEK is a contextual AI company that predicts Cyber Threats. At CloudSEK, we combine the power of Cyber Intelligence, Brand Monitoring, Attack Surface monitoring, Infrastructure Monitoring and Supply Chain intelligence to give visibility and context to our customer's Initial Attack Vectors.

CloudSEK SVigil creates a blueprint of an organization's external attack surface including the core infrastructure software components and third party vendors. This is then scanned for any misconfigurations, vulnerabilities etc thereby preventing any potential exploits or cyber attacks targeted at the organization. Visibility into all the vendors of the company along with one’s own Attack surface ensures comprehensive protection to one’s digital threat landscape. The solutions helps in preventing cyber attacks with its predictive intelligence feeds across the complete supply chain of an organization.

Author

Karamveer Singh Sidhu

SDE@CloudSEK

Predict Cyber threats against your organization

Schedule a Demo
Related Posts
Blog Image
Adversary Intelligence
Breach
Data leaks
Emerging Threats
Hacktivism
October 10, 2024

Analyzing Recent Cyber Attacks in the United States Coinciding with Columbus Day Celebration

Over recent months, the United States has faced a surge in cyber attacks, with ransomware incidents rising sharply from June to October 2024. Prominent groups, including Play, RansomHub, Lockbit, Qilin, and Meow, have targeted sectors such as Business Services, Manufacturing, IT, and Healthcare, compromising over 800 organizations. Major attacks included a breach of the City of Columbus by Rhysida ransomware and data leaks impacting Virginia’s Department of Elections and Healthcare.gov. Additionally, China’s "Salt Typhoon" espionage campaign is aggressively targeting U.S. ISPs, further complicating the cyber threat landscape. Hacktivist groups advocating pro-Russian and pro-Palestinian positions have also increased their attacks, affecting government entities and critical infrastructure. This report highlights the need for enhanced security protocols, regular audits, and public awareness initiatives to mitigate the growing cyber risks. Key recommendations include implementing multi-factor authentication, frequent employee training, and advanced threat monitoring to safeguard the nation's critical infrastructure and public trust.

Blog Image
Data leaks
February 16, 2024

Case Study: HRMS Provider's Credential Leak Exposes Bank's Employee Data and Enables Account Takeover

Supply Chain Case Study: Leaked credentials of an HRMS Provider’s Employee Expose Critical Employee Information and PII for a Bank and Multiple Subsidiaries; Allows Account Takeover

Blog Image
Adversary Intelligence
November 24, 2023

Understanding Vendor-Related or Third-Party Cyber Risk

Uncover the complexities of third-party cyber risks and learn how to fortify your organization's digital defenses against these evolving threats.

Join 10,000+ subscribers

Keep up with the latest news about strains of Malware, Phishing Lures,
Indicators of Compromise, and Data Leaks.

Take action now

Secure your organisation with our Award winning Products

CloudSEK Platform is a no-code platform that powers our products with predictive threat analytic capabilities.

CloudSEK XVigil

Digital Risk Protection platform which gives Initial Attack Vector Protection for employees and customers.

Learn more about XVigil
CloudSEK SVigil

Software and Supply chain Monitoring providing Initial Attack Vector Protection for Software Supply Chain risks.

Learn more about SVigil
CloudSEK SVigil

Creates a blueprint of an organization's external attack surface including the core infrastructure and the software components.

Learn more about BeVigil Ent
CloudSEK BeVigil

Instant Security Score for any Android Mobile App on your phone. Search for any app to get an instant risk score.

Learn more about BeVigil
Data leaks

7

min read

Top 5 famous software supply chain attacks in 2023

Explore the critical nature of supply chain cyber attacks and learn how to fortify your defenses against this growing threat in 2023.

Authors
Karamveer Singh Sidhu
SDE@CloudSEK
Co-Authors
Anjana Sathyan

In today's interconnected digital landscape, imagine your company as a fortress. You've fortified every wall, yet a leaky moat in your neighbor's castle—your supply chain—poses a hidden danger. This is the stark reality of supply chain cyber attacks, a growing concern for organizations worldwide. Even with robust internal security measures, your network remains vulnerable if your suppliers, vendors, or third-party software libraries are compromised.

What is a Supply chain attack?

Imagine a car manufacturing company. The company has various third party suppliers that it relies on to get different equipment like tires, glass, material for the body kit, etc. Now suppose that one of the suppliers is hacked and the hackers got access to the company’s design secrets and manufacturing processes. This is a simple example of a supply chain attack.

A supply chain attack occurs when cybercriminals target a weaker link in a company's supply chain network. This could be a supplier, vendor, a customer or a third party software library that the company is dependent upon. Consider a car manufacturer that relies on various third-party suppliers for components like tires, glass, and body kits. If one of these suppliers falls victim to a cyber attack, it could lead to the theft of crucial design secrets and manufacturing processes. Such incidents highlight the vulnerability of companies to cyber threats in their supply chain.

Gartner 2023 Supply Chain Risk Management Survey Report states that "supply chain attacks are on the rise, with 63% of respondents reporting that their organization has experienced a supply chain attack in the past year.

This clearly indicates the concerns that an organization must have with their supply chain elements. 

Below mentioned are, some of the significant supply chain attacks that took place in 2023:-

1. University of California San Francisco (UCSF)Supply Chain Attack

Imagine a doctor not being able to operate because of him not being able to operate a system. Sounds scary right? This is what happened at the UCSF in February, where the hospital's electronic health record (EHR) system was unavailable for several days. Without access to the EHR system, UCSF clinicians were unable to access patient medical records or schedule surgeries. This resulted in the cancellation or postponement of several surgeries.

The attackers executed the attack by exploiting a vulnerability in Codecov, a popular code testing software that Zellis, a clinical trial software company uses to test its software for vulnerabilities. UCSF was using Zellis and hence, was affected. 

The attackers were able to steal the personal information of clinical trial participants from Zellis's systems out of which some of the information was published online. 


2. Airbus Supply Chain Attack

Airbus was also affected by a supply chain attack in January 2023, carried out by a threat actor known as USDoD.

Airbus confirmed that the attack had been carried out through a compromised employee account at Turkish Airlines, one of Airbus's customers. The threat actor was able to access the employee's account and gain access to Airbus's systems.

The breached data included personal information associated with over 3,000 Airbus vendors, such as Rockwell Collins and Thales Group. The data dump included names, addresses, phone numbers, and email addresses.

3. Norton Supply Chain Attack

Norton is a company that offers products and services that help in safeguarding digital security, identity protection and online privacy. The most notable software is the Norton Antivirus which is a widely used Antivirus software. Contrarily, they were also affected by a supply chain attack in May. 

The attack exploited a zero-day vulnerability in MOVEit Transfer, a managed file transfer (MFT) software that Norton's parent company, Gen Digital, uses to transfer files between its offices and customers.

The attackers were able to gain access to Norton's network and steal the personal information of employees, including names, addresses, birth dates, and business email addresses. The attackers also threatened to release the stolen data if Norton did not pay a ransom.

4. Colonial Pipeline Cyber attack

The Colonial Pipeline is the largest pipeline system for refined oil products in the United States. In March, it was also affected by a supply-chain attack. 

The attack exploited a remote code execution (RCE) vulnerability in PulseConnect Secure, a VPN software program used by Colonial Pipeline to monitor its pipeline operations.The attackers were able to gain access to Colonial Pipeline’s network and encrypt its systems.

The attack made it impossible for Colonial Pipeline to operate its pipeline. Colonial Pipeline was forced to shut down its pipeline for five days. This caused a gasoline shortage in the Southeastern United States. Colonial Pipeline paid a ransom of $4.4 million to the attackers in order to regain access to its systems.

Also read Kaseya VSA Supply Chain Ransomware Incident

5. Microsoft Supply Chain Attack

Almost everyone who uses computers knows what Microsoft is and must have used Windows at least once in their lives. Microsoft was also affected by a software supply chain attack in February 2023. 

The attack exploited a vulnerability in Jfrog Artifactory, a binary repository manager that Microsoft uses to store and distribute its software components. The attackers were able to gain access to Jfrog Artifactory and inject malicious code into some of Microsoft's software components. This allowed the attackers to gain access to Microsoft's networks and steal source code and other confidential information.

The above incidents show how important it is to take measures in order to prevent a supply chain attack. Here are some specific steps that businesses can take to protect themselves:-

  • Implement a software supply chain security program. This program should include steps for identifying and assessing risks, implementing security controls, monitoring supply chains, and responding to incidents.
  • Choose your vendors carefully. Research their security practices and make sure they have a good reputation.
  • Keep your software up to date. Software updates often include security patches that can help protect you from known vulnerabilities.
  • Educate your employees about cybersecurity. Make sure they know how to identify and report suspicious activity.
  • Use software composition analysis (SCA) tools. SCA tools can help you identify the third-party components that are used in your software and to assess the security risks associated with those components.
  • Have a plan in place for responding to a cyber attack. This plan should include steps for containing the attack, investigating the incident, and notifying affected customers and partners.

By learning from the past, businesses can better prepare themselves to defend against software supply chain attacks in the future.

CloudSEK is a contextual AI company that predicts Cyber Threats. At CloudSEK, we combine the power of Cyber Intelligence, Brand Monitoring, Attack Surface monitoring, Infrastructure Monitoring and Supply Chain intelligence to give visibility and context to our customer's Initial Attack Vectors.

CloudSEK SVigil creates a blueprint of an organization's external attack surface including the core infrastructure software components and third party vendors. This is then scanned for any misconfigurations, vulnerabilities etc thereby preventing any potential exploits or cyber attacks targeted at the organization. Visibility into all the vendors of the company along with one’s own Attack surface ensures comprehensive protection to one’s digital threat landscape. The solutions helps in preventing cyber attacks with its predictive intelligence feeds across the complete supply chain of an organization.