Supply chain attacks are not what we thought they were. Let’s re-define what we mean by a modern supply chain cyber attack, so that we can solve the real-world attacks taking place today.

Both criminals and APTs are exploiting vulnerabilities that let them reach many victims through a single chain of vulnerabilities in one product line.

Let’s look at CLOP / TA505’s multi-level supply chain strategy of targeting both victims and those victims’ customers and partners.

An example of Chinese APT5 actors targeting a single class of VPN device in order to compromise many victims who rely on that device.

The five CVEs that the Russian SVR (APT29) leverages to gain access to supply chain vectors.

What can enterprises do to actually mitigate the risks associated with these types of supply chain attacks?

There is a need for independent, deeper analysis of device hardware and firmware integrity at the component level, in order to detect and mitigate supply chain attacks. This might be described as continuous integrity assurance and threat discovery at the firmware and hardware component level.

Why an automated, intelligent platform is needed to address such a complex, diverse, heterogeneous problem space.

For more information see:

What Is A Supply Chain Attack, Really?