ORSYS le mag 2025 logo

The training and skills medium

Home > Cybersecurity glossary > Supply chain attack πŸ”΄ Attack

Supply chain attack πŸ”΄ Attack

A supply chain attack (or supply chain attack is an offensive method in cyber security which targets vulnerabilities in an ecosystem of interconnected organisations (suppliers, subcontractors, software publishers, etc.) to compromise an end entity. Instead of attacking the main target directly, the hackers exploit the trust placed in a third party in the supply chain, which is often less secure, to infiltrate the end victim's system.

 

  • CATEGORY : 🔴 Computer attack
  • FREQUENCY : 🔥🔥🔥
  • DANGEROUS : πŸ’€πŸ’€πŸ’€πŸ’€πŸ’€
  • DIFFICULTY OF ERADICATION : 🧹🧹🧹🧹

 

Google - Noto Color Emoji 15.0 (Animated)  How it works 

  1. Compromise of a weak link :
    Attackers hack into a provider, a cloud service, an open source software library, or a third-party tool, and then use this access to propagate malware or backdoors to end customers.
  2. Leveraging trust :
    Victims install updates, hardware or software that appear legitimate but have already been corrupted by the attacker (e.g. compromise of an officially signed software update).
  3. Cascading impact :
    A single intrusion can infect hundreds or thousands of customers of the compromised supplier, making these attacks particularly destructive.

πŸ‘‰ Well-known examples

 

  • SolarWinds (2020) In the UK, hackers inserted malicious code into an update of the Orion tool, affecting thousands of businesses and government agencies.
  • NotPetya (2017) attack via hacked Ukrainian accounting software, causing billions of dollars in damage.
  • CCleaner (2017) malware hidden in a legitimate version of the software infected 2.3 million users.
  • Kaseya VSA (2021) : ransomware targeting the Kaseya VSA MSP platform, infecting thousands of SME MSP customers.

 

Types of frequent targets

  • Software publishers : injection malicious code in updates.
  • Equipment suppliers Alteration of physical components.
  • Open source libraries package corruption (e.g. via npm, PyPI).
  • External services compromising a cloud service provider or access provider.
  • Managed Service Providers (MSPs) : access to multiple customers

 

πŸ›‘οΈ Preventive measures

 

  • Auditing third parties Assessing the safety of suppliers and subcontractors.
  • Digitally sign updates Checking software integrity.
  • Segmenting networks Isolate critical systems from third parties.
  • Monitoring anomalies This means detecting suspicious behaviour, even from 'trusted' sources.
Back to Glossary

field of training

ο€­

Cybersecurity

associated training



Systems and network security, level 1



Hacking and security, level 1



Information systems security, summary

BEST

Towards the ORSYS Cyber Academy: a free space dedicated to cybersecurity