How to Fight New Attacks in Tomorrow’s Software Supply Chain


The past year has seen an increase in software supply chain attacks, from the devastating SolarWinds Orion compromise to the Kaseya ransomware attack and widespread exploitation of GitLab servers. Threat actors use infrastructure, platforms, and software and developer vendors as valuable entry points into governments, businesses, and critical infrastructure.

This attack vector allows attackers to maximize ROI over a single campaign. A successful breach can result in widespread distribution of malware, potentially affecting thousands of organizations connected to the provider. Looking at the massive damage caused by these attacks in 2021, it’s clear that complex digital supply chains are a hacker’s paradise.

It is widely expected that threat actors will continue to target the supply chain in 2022 via proprietary source code, developer repositories and open source libraries. Indeed, the White House recently hosted a summit with leaders of major technology companies to discuss how to secure open source software after the discovery of the Log4j vulnerability.

It’s important to ensure that trusted vendors are held accountable for cybersecurity best practices, but in an age of unpredictable cyber threats, all organizations must take appropriate steps to ensure they are prepared to defend against software supply chain attacks.

Stop Kaseya attack with AI
Many organizations use security technology that relies on the characteristics of previously encountered threats to attempt to stop the next attack. However, given the pace of innovation from attackers today, it’s clear that this is no longer a reliable strategy. This approach leaves companies open to attacks that use new infrastructures and new techniques whose signatures we do not yet know.

In the well-known case of Kaseya, attackers used a zero-day vulnerability to gain access to Kaseya Virtual System Administrator (VSA) servers and then deployed ransomware to endpoints managed by those VSA servers. This modus operandi differs significantly from previous ransomware campaigns, which have traditionally been direct human-operated intrusions. Due to its novelty, traditional security tools were blind to this attack.

For an organization using behavior-based security tools, self-learning artificial intelligence (AI) detected the first signs of Kaseya ransomware on the network as soon as encryption began. When it came to identifying and quarantining the infected device, the AI ​​did not search for any static string or known ransom note. Instead – by learning what constitutes “normal” for the organization – he identified that the activity was highly unusual for this device and anything in his peer group.

By detecting and correlating these subtle anomalies, the AI ​​identified the unusual activity as the first steps in encrypting ransomware on the network. It took immediate and targeted action to contain the threat, preventing the infected laptop from making new or unusual connections and thus preventing any further encryption activity.

All this happened in a few minutes. The infected laptop constantly attempted to connect to other internal devices via Server Message Block (SMB) to continue encryption activity, but was blocked by the AI ​​at every step, limiting the spreading the attack and mitigating any damage caused by network encryption. . For the organization in question, the Kaseya ransomware attack had been handled behind the scenes by the AI, without human intervention.

Improve security inside the perimeter
In 2021, AI disrupted around 150,000 threats every week against the IT and communications industry, including telecommunications vendors, software developers, and managed security service providers. For the thousands of organizations equipped with self-learning AI security tools, many of the most high-profile software supply chain threats were spotted and stopped long before news of the attacks hit the headlines.

With the rise of software supply chain attacks, it is increasingly unrealistic for organizations to avoid breaches through their supply chains, and virtually impossible to predict where and how the next vulnerability in the chain will occur. software supply will be discovered. Instead, they must have the ability to detect the presence of attackers already inside their organization and stop this malicious activity in the early stages.

If attackers have taken root in your systems via malware, it’s too late to build a wall against these threats. Fighting tomorrow’s software supply chain attacks means adopting technology that detects and mitigates damage once an adversary is already inside.


Comments are closed.