MITRE ATT&CK: Supply chain compromise

Introduction

Attackers are well known for installing malicious software, or malware, on systems they have already compromised during a cyberattack. What many may not realize is that this is not the first opportunity attackers have to get malware onto a machine: the supply chain that delivers systems and software to organizations is also a target. 

This article will detail the supply chain compromise attack technique enumerated in the MITRE ATT&CK matrix. We will explore the MITRE ATT&CK matrix, the supply chain compromise attack technique, the danger of this attack technique and some real-world examples of supply chain compromise, as well as how to mitigate and detect it. 

What is MITRE ATT&CK?

MITRE is a not-for-profit corporation dedicated to solving problems for a safer world. Beginning as a systems engineering company in 1958, MITRE has added new technical and organizational capabilities to its knowledge base, including cybersecurity.

To this end, MITRE released MITRE ATT&CK, a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. This information can then serve as the foundation for developing threat models and methodologies for the cybersecurity product and service community, the private sector and government. 

More information on the MITRE ATT&CK matrix can be found here.

What is supply chain compromise?

Supply chain compromise refers to the manipulation of products or delivery mechanisms, before the final consumer receives those products, for the purpose of compromising information or systems. It can affect any hardware or software component, and it extends to the update channels through which those products are maintained. Widely used open-source components that many applications depend on are part of this supply chain, which makes them attractive targets: compromising one component reaches every application that consumes it.
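The point about delivery mechanisms and update channels is easiest to see with the check a consumer can perform on what arrives. The following is an added example, not code from the original article or from MITRE: a vendor publishes a manifest listing the SHA-256 digest of each artifact and signs the manifest; the client pins the vendor's verification key at install time, so an attacker who controls only the update channel can swap neither an artifact nor the manifest without detection. The artifact contents, file names and the key are constructed sample values, and HMAC-SHA256 stands in for a real asymmetric signature to keep the example dependency-free.

```python
"""Verifying artifacts delivered through an update channel (constructed example)."""
import hashlib
import hmac
import json

# Pinned on the client at install time. Constructed value, not a real vendor key.
PINNED_VENDOR_KEY = b"vendor-signing-key-example"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical(entries: dict) -> bytes:
    """Canonical JSON so vendor and client sign/verify identical bytes."""
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def build_signed_manifest(artifacts: dict, key: bytes) -> dict:
    """Vendor side: record each artifact's digest, then sign the manifest body.
    HMAC is a stand-in for a real signature; the shape of the check is the same."""
    entries = {name: sha256_hex(blob) for name, blob in artifacts.items()}
    sig = hmac.new(key, canonical(entries), hashlib.sha256).hexdigest()
    return {"entries": entries, "signature": sig}


def verify_delivery(manifest: dict, artifacts: dict, key: bytes) -> dict:
    """Client side: returns {artifact_name: 'ok' | reason}.
    The manifest signature is checked first; if it fails, no digest in it
    can be trusted, so every delivered artifact is rejected."""
    entries = manifest["entries"]
    expected_sig = hmac.new(key, canonical(entries), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, manifest["signature"]):
        return {name: "manifest signature invalid" for name in artifacts}
    results = {}
    for name, blob in artifacts.items():
        if name not in entries:
            results[name] = "not listed in manifest"
        elif not hmac.compare_digest(entries[name], sha256_hex(blob)):
            results[name] = "digest mismatch"
        else:
            results[name] = "ok"
    for name in entries:
        if name not in artifacts:
            results[name] = "listed but not delivered"
    return results


# Constructed sample artifacts, as the vendor built them.
GENUINE = {
    "agent-2.1.0.tar.gz": b"genuine agent payload",
    "agent-2.1.0.sig": b"detached signature blob",
}
MANIFEST = build_signed_manifest(GENUINE, PINNED_VENDOR_KEY)


def scenario_clean() -> dict:
    """Untampered delivery: everything verifies."""
    return verify_delivery(MANIFEST, GENUINE, PINNED_VENDOR_KEY)


def scenario_swapped_artifact() -> dict:
    """Attacker on the update channel replaces the tarball; manifest left alone."""
    delivered = dict(GENUINE)
    delivered["agent-2.1.0.tar.gz"] = b"genuine agent payload" + b"<backdoor>"
    return verify_delivery(MANIFEST, delivered, PINNED_VENDOR_KEY)


def scenario_swapped_manifest() -> dict:
    """Attacker swaps the tarball AND re-issues the manifest under their own key.
    Detected only because the client pins the vendor key rather than trusting
    whatever key the channel delivers."""
    delivered = dict(GENUINE)
    delivered["agent-2.1.0.tar.gz"] = b"trojanized build"
    forged = build_signed_manifest(delivered, b"attacker-key")
    return verify_delivery(forged, delivered, PINNED_VENDOR_KEY)


if __name__ == "__main__":
    for label, fn in [("clean", scenario_clean),
                      ("swapped artifact", scenario_swapped_artifact),
                      ("swapped manifest", scenario_swapped_manifest)]:
        print(f"{label}: {fn()}")
```

The design choice worth noting is the ordering: the manifest signature is verified before any digest is consulted, and the key used to verify it is pinned on the client rather than fetched over the same channel. Hashes alone only detect an attacker who can alter one file; they do nothing against an attacker who controls the channel end to end and can regenerate the hash list, which is exactly the update-channel case the definition above calls out.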

This attack technique may be focused on a few specific victims or distributed to a wide array of targets. Moreover, victims may (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Chris Sienko. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/AgANf8z1Qr4/