Why You Should Be Worried About A Supply Chain Attack

Cyber Defence Team
June 22, 2023


The world we live in is becoming increasingly interconnected. As businesses and individuals continue to grow reliant on technology for their daily operations, the importance of cyber security cannot be overstated. One particular aspect that demands immediate attention is the emerging threat of supply chain attacks.

A supply chain attack, in the realm of cyber security, is an attack that targets less secure elements in an organisation's supply chain. Instead of directly attacking a highly-secured network, hackers infiltrate through a weak link in the supply chain network, usually a third-party vendor or service provider with less stringent security measures.


Supply chain attacks are not monolithic. They can come in various forms, each presenting its unique challenges and requiring different prevention strategies. However, three common types stand out:

  1. Hardware Supply Chain Attacks: These occur when a device or component gets physically tampered with during production, distribution, or in a retail environment. Once installed into a network, the tampered device can enable unauthorised access or compromise the entire network to maximise its reach and damage.
  2. Software Supply Chain Attacks: A popular variant of supply chain attack in which attackers compromise a piece of software or an application by inserting malicious code into its updates. When the update is distributed to customers, the malicious code gains access to their systems.
  3. Third-Party Provider Attacks: These attacks target a third-party provider with a lower security threshold that has access to the primary network. The attacker uses this access to compromise the higher-security primary network. Another type of third-party provider attack is Vendor Email Compromise (VEC). This is a more sophisticated type of Business Email Compromise (BEC) attack in which cybercriminals impersonate a third-party vendor in order to steal from the vendor’s customers.


To underscore the severity of supply chain attacks, let's reflect on a couple of high-profile incidents.

One of the most infamous examples is the 2020 SolarWinds attack. Attackers compromised SolarWinds’ Orion software update system and planted malicious code. Once clients installed the tampered updates, the attackers gained remote access to their systems, leading to massive data breaches across various sectors globally.

Another noteworthy case is the Target data breach in 2013, a classic instance of a third-party provider attack. Hackers accessed Target's payment system through an HVAC vendor, which led to the theft of approximately 40 million customers' credit and debit card information.


Given the extensive damage supply chain attacks can inflict, organisations must prioritise supply chain attack prevention. Cyber security is not a siloed issue - a weak link in your supply chain can become a gateway for attackers to compromise your entire network.

Prevention strategies must therefore be holistic and rigorous. Here are a few recommendations:

  • Thorough Vendor Assessment: Ensure all third-party vendors follow stringent cyber security practices. Regular audits can help identify potential vulnerabilities and address them promptly.
  • Multifaceted Security Systems: Use a layered approach to security that includes endpoint and network detection and response, secure gateways and regular security updates and patches. You may also want to consider advanced behavioural technology that can monitor communications between vendors and customers and deliver real-time risk assessments.
  • Building a Security Culture: Employee security awareness can play a significant role in preventing attacks. Regular training on cyber security best practices and recognising potential threats can make a difference.
  • Incident Response Plan: Despite your best efforts, breaches may still occur. An effective incident response plan can minimise the impact and hasten recovery.


In conclusion, the complexity and interconnectivity of modern supply chains make them difficult to safeguard and, consequently, attractive targets for cybercriminals. Therefore, it’s crucial that organisations understand the severity of supply chain attacks and implement robust prevention measures to protect their networks. With a proactive and comprehensive approach to cyber security, it's possible to significantly reduce the risk and ensure the ongoing integrity and security of your digital ecosystem.

At Infotrust, our team of highly trained cyber security experts are at your service to provide comprehensive cyber security services to fortify your digital landscape against such threats - from network security and email security to consulting and advisory, as well as incident response.

Feel free to reach out to us for a deeper dive into supply chain attack prevention strategies tailored to your organisation.