ENISA encouraged organizations to check all software updates before installing

by Emma Davis
August 2, 2021
check all software updates
Written by Emma Davis

To avoid attacks on the supply chain, organizations should check all software updates before installing, according to the European agency ENISA.

According to the European Union Agency for Cybersecurity (ENISA), half of all attacks on the supply chain were carried out by “well-known APT groups”, so it is necessary to stimulate “new methods of protection” against them.

Of the 24 supply chain cyberattacks studied by ENISA since January 2020 (including attacks on Accellion, SolarWinds, Kaseya, Fujitsu ProjectWeb, Bignox Noxplayer Android emulator), 12 were carried out by APT groups, and 10 were not attributed to anyone.

The ENISA study was conducted as a tutorial on supply chain attacks, which typically involve attacks against B2B software vendors with a large customer base. Once a vendor is compromised, attackers move into customer networks, usually with the intent of stealing data and deploying ransomware.

ENISA criticized vendors for either not knowing or publicly disclosing how they were compromised.

The UK is using Brexit to reduce EU incident reporting requirements, and perhaps the EU will follow UK’s example.

Regarding all said above, ENISA has proposed its own unique taxonomy for analyzing attacks on supply chains. According to the agency, the MITER ATT & CK and Lockheed Martin Cyber Kill Chain frameworks are “too generic.”

In about 66% of reported incidents, cybercriminals attacked the software vendor’s code to compromise targeted customers. This shows that organizations should focus on validating third-party code and software before using them to ensure they have not been tampered with or manipulated.says ENISA.

While the advice given by the agency seems reasonable at first glance, it is not so easy to follow.

The loudest attack on the supply chain in recent years has been the compromise of SolarWinds Orion software. Attackers compromised the systems of the SolarWinds provider in order to implement a backdoor in the update of the Orion network management and monitoring software. The ultimate goal for SolarWinds customers was to install a malicious update so that attackers could eventually gain access to the networks of the victims of interest.

The malicious update was installed by 18 thousand SolarWinds clients. The update was installed via the official channel, and the backdoor was hidden in a signed .dll file, so no one suspected anything. There is little or no chance that a typical organization that is a client of a software vendor would somehow have guessed that there was a backdoor in the update.

However, it is not possible to oblige every organization to develop disassemblers, source editors, and network and memory analysis tools, and to have staff capable of using them to test every update, whether open source or closed source.

Let me remind you that we wrote that, for example, US government reclaims most of Colonial Pipeline ransom.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

View all posts

Leave a Reply

Sending