
What Are Supply Chain Attacks? And How to Identify and Prevent Software and Social Engineering Cyberattacks

Supply chain attacks happen when a criminal compromises a trusted vendor, opening the door for attacks across a supply chain. They can infect shared infrastructure with malware, or send convincing phishing attacks from the trusted vendor.


What Is a Supply Chain Attack?

A supply chain attack is when a criminal compromises a trusted vendor to commit cyberattacks across a supply chain. They can infect shared infrastructure with malware, or send convincing phishing attacks from the trusted vendor.

While you are proactively working to keep your network secure, it’s ultimately only as safe as the vendors you trust and work with. Outside organizations with an existing relationship with your company could turn into the entry point for a cyberattack.

Abnormal's recent report on vendor email compromise (VEC) shows that 44% of employees who read compromised emails proceeded to interact with them. It's crucial for organizations to learn how supply chain attacks work, how to protect themselves from these attacks, and how Abnormal can help stop them.

How Do Supply Chain Attacks Work?

Supply chain attacks happen when attackers target an organization by first compromising its trusted partners. Most companies work with third-party vendors. These vendors form the supply chain and share data based on trust. This trust creates a risk where supply chain attacks can succeed because they are hard to detect.

Even if your internal security is strong, your network depends on vendor security. External vendors can become entry points for a supply chain cyberattack that bypasses normal defenses. Attackers use the trust between companies and vendors to send malicious emails with fake invoices, credential phishing, or malware.

Attackers also hide malware in shared networks and update systems. Knowing what a supply chain attack is helps organizations build strong defenses against it.

How Do Supply Chain Attacks Happen?

There are two primary types of supply chain attacks in cybersecurity:

  1. Software supply chain attacks involve attackers targeting software developers and suppliers. If they find a weak point, they can inject malware into a trusted app or program used across an entire supply chain of vendors.

  2. Social engineering supply chain attacks involve attackers compromising a vendor account and using it to send convincing phishing attacks.

In software supply chain attacks, a cybercriminal accesses unsecured networks, servers, and apps where they can change source code to hide malware. Software developers unknowingly ship this infected code, and partners in their supply chain then use it.

Besides looking for cybersecurity vulnerabilities, criminals often use social engineering tactics to exploit organizational relationships via email to gain access to a network. These include:

  • Vendor Email Compromise (VEC): A criminal gains unauthorized access to an email account and uses it to target trusted partners. It often works because the malicious email comes from a vendor you trust or have worked with previously. This can be difficult for organizations to spot since a known email address is used to make the fraudulent request.

  • Email Spoofing: A phishing attack using an email address that looks similar to the real organization the criminal is mimicking. It tricks the recipient into thinking the message originates from a trusted contact.

When a criminal uses one of these attacks, they ask a vendor to pay an invoice or update billing information. The business, thinking the email was sent from a trusted partner, obliges. The criminal then fraudulently receives funds.

Criminals also use exploited supply chains to spread malware through phishing emails. Supply chain attacks are highly sophisticated, and it’s challenging to identify suspicious messages from trusted email accounts.

Examples of Supply Chain Attacks

The SolarWinds supply chain attack is probably the most recognized supply chain attack.

More than 18,000 public and private organizations used SolarWinds Orion, and they all received malicious code hidden in a routine update. Even U.S. government agencies with the strongest cybersecurity tools and services were victims. The SolarWinds attack showed that even robust cybersecurity systems can have a hard time detecting compromised vendors.

SolarWinds would cite "...a compromise of credentials and/or access through a third-party application via an at the time zero-day vulnerability," as likely attack vectors.

Some other notable supply chain attack examples include:

  • Colonial Pipeline: One compromised password of a virtual private network account was all it took to launch a ransomware attack that resulted in the shutdown of a gasoline pipeline system and a $4.4 million ransom paid to criminals.

  • United States Agency for International Development (USAID): Hackers gained access to USAID's account with Constant Contact, an email marketing company, and used the account to send emails with malicious links to more than 3,000 accounts.

  • Kaseya: Kaseya, a software company for managed service providers, was exploited by hackers and infected over 1,000 customers with ransomware. The hackers asked for a $70 million ransom to restore the system.

How Can You Protect Against a Supply Chain Attack?

Stopping supply chain attacks requires modern email security. Since social engineering supply chain attacks usually start through email, detecting them is critical.

Traditional email security struggles to spot compromised vendor accounts. Protocols like reputation checks and attachment scans aren't enough to protect employees from supply chain attacks.

For example, the email below can bypass standard email security, even if it's from a compromised vendor.

[Image: supply chain compromise attack sample email]

In this case, Abnormal detected suspicious signals of a VEC attack that traditional email security misses:

  • Attached invoices containing different bank numbers and routing numbers than the previous invoices.

  • Urgent messages asking for payment immediately.

  • The sender has never interacted with the recipient before.

  • Suspicious financial requests, like irregular timing of invoices.
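The four signals above can be approximated as checks against a per-vendor baseline. The sketch below is an added example, not Abnormal's detection logic; the vendor history, message fields, urgency word list, and the "under half the usual interval" timing rule are all assumptions constructed for illustration. Both sample messages come from the genuine vendor address, which is why sender reputation alone cannot separate them.

```python
import re
from datetime import date

# Constructed baseline for one vendor mailbox, built from previously paid invoices.
HISTORY = {
    "billing@acme-supplies.example": {
        "bank": {("000111222", "000123456789")},  # (routing, account) seen before
        "invoice_dates": [date(2025, 1, 3), date(2025, 2, 3), date(2025, 3, 4)],
        "recipients": {"ap@corp.example"},
    }
}
URGENCY = re.compile(r"\b(urgent|immediately|asap|overdue|right away)\b", re.I)


def vec_signals(msg):
    """Return the VEC signals raised by one invoice email (dict of parsed fields)."""
    signals = []
    hist = HISTORY.get(msg["from"])
    if hist is None or msg["to"] not in hist["recipients"]:
        signals.append("first_contact")
    if hist and (msg["routing"], msg["account"]) not in hist["bank"]:
        signals.append("bank_details_changed")
    if URGENCY.search(msg["subject"] + " " + msg["body"]):
        signals.append("urgent_payment_language")
    if hist and len(hist["invoice_dates"]) >= 2:
        dates = sorted(hist["invoice_dates"])
        gaps = [(b - a).days for a, b in zip(dates, dates[1:])]
        typical = sum(gaps) / len(gaps)
        # An invoice arriving in under half the usual interval is off-cycle.
        if (msg["date"] - dates[-1]).days < typical / 2:
            signals.append("irregular_invoice_timing")
    return signals


# Constructed messages: both come from the genuine vendor address.
SUSPICIOUS = {"from": "billing@acme-supplies.example", "to": "ap@corp.example",
              "subject": "URGENT: updated bank details", "date": date(2025, 3, 12),
              "body": "Please pay immediately to the new account.",
              "routing": "999000111", "account": "999888777666"}
ROUTINE = {"from": "billing@acme-supplies.example", "to": "ap@corp.example",
           "subject": "Invoice 1042", "date": date(2025, 4, 3),
           "body": "Attached is the invoice for March.",
           "routing": "000111222", "account": "000123456789"}

if __name__ == "__main__":
    for m in (SUSPICIOUS, ROUTINE):
        print(m["subject"], "->", vec_signals(m))
```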

Abnormal can recognize social engineering tactics that average security protocols don't notice. This protects your employees from tricky phishing emails sent by a compromised vendor account.

It monitors for potential red flags like:

  • Display name spoofing.

  • Content and tone with unnecessary urgency or unusual financial requests.

  • Suspicious links and attachments.

  • Repeated requests to multiple employees to pay an invoice.
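Two of these red flags, display name spoofing (together with the look-alike addresses described under Email Spoofing) and repeated requests to multiple employees, can be checked mechanically. This is an added example, not Abnormal's implementation; the vendor directory, the edit-distance cutoff of 2, and the recipient threshold of 3 are assumptions.

```python
from collections import defaultdict
from email.utils import parseaddr

# Constructed directory of known vendors: display name -> legitimate sending domain.
KNOWN_VENDORS = {"acme supplies": "acme-supplies.example"}


def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_flags(from_header):
    """Flag display-name spoofing and look-alike domains in one From header."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    flags = []
    expected = KNOWN_VENDORS.get(name.strip().lower())
    # A known vendor's name paired with a domain that vendor does not send from.
    if expected and domain != expected:
        flags.append("display_name_spoof")
    # A domain within two edits of a real vendor domain, but not equal to it.
    if any(domain != d and edit_distance(domain, d) <= 2 for d in KNOWN_VENDORS.values()):
        flags.append("lookalike_domain")
    return flags


def fan_out(messages, threshold=3):
    """Return (sender, subject) pairs sent to at least `threshold` distinct recipients."""
    seen = defaultdict(set)
    for m in messages:
        key = (parseaddr(m["from"])[1].lower(), m["subject"].lower())
        seen[key].add(m["to"].lower())
    return {k: sorted(v) for k, v in seen.items() if len(v) >= threshold}
```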

Ready to mitigate the risk of a supply chain attack and enhance your email security? Contact us today to book a demo and see how Abnormal can protect your organization.
