A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less secure elements in the supply chain.[1] A supply chain attack can occur in any industry, from the financial sector and the oil industry to the government sector.[2] A supply chain attack can happen in software or hardware.[3] Cybercriminals typically tamper with the manufacturing or distribution of a product by installing malware or hardware-based spying components.[4] Symantec's 2019 Internet Security Threat Report states that supply chain attacks increased by 78 percent in 2018.[5]
A supply chain is a system of activities involved in handling, distributing, manufacturing, and processing goods in order to move resources from a vendor into the hands of the final consumer. A supply chain is a complex network of interconnected players governed by supply and demand.[6]
Although supply chain attack is a broad term without a universally agreed upon definition,[7][8] in reference to cyber-security, a supply chain attack involves physically tampering with electronics (computers, ATMs, power systems, factory data networks) in order to install undetectable malware for the purpose of bringing harm to a player further down the supply chain network.[2][4][9]
In a more general sense, a supply chain attack may not necessarily involve electronics. In 2010, when burglars gained access to the pharmaceutical giant Eli Lilly's supply warehouse by drilling a hole in the roof and loading $80 million worth of prescription drugs into a truck, they could also have been said to have carried out a supply chain attack.[10][11] However, this article discusses cyber attacks on physical supply networks that rely on technology; hence, a supply chain attack is a method used by cyber-criminals.[12]
[1] Cite error: the named reference "csOnline" was invoked but never defined.
[2] Cite error: the named reference ":1" was invoked but never defined.
[3] "Supply chain attacks". docs.microsoft.com. Retrieved 10 April 2022.
[4] "New malware hits ATM and electronic ticketing machines". SC Magazine UK. Retrieved 29 October 2015.
[5] "2019 Internet Security Threat Report Executive Summary". Broadcom. Retrieved 23 November 2021.
[6] "Supply Chain Definition | Investopedia". Investopedia. Retrieved 4 November 2015.
[7] "Supply chain, cyber security and geo-political issues pose the greatest risks, as risk goes up in importance and profile say risk managers at Sword Active Risk conference". M2 Presswire. 28 July 2015. Retrieved 4 November 2015.
[8] Napolitano, J. "How to secure the global supply chain". Wall Street Journal. 6 January 2011. Retrieved 4 November 2015.
[9] Cite error: the named reference ":3" was invoked but never defined.
[10] "Drug theft goes big". Fortune. Retrieved 4 November 2015.
[11] "Solving the Eli Lilly Drug Theft". www.securitymagazine.com. Retrieved 4 November 2015.
[12] Cite error: the named reference ":4" was invoked but never defined.