Protecting Against Supply Chain Attacks
Supply chain attacks are a fast-growing method of infiltration. In a supply chain attack, bad actors attempt to infiltrate an organization by exploiting vulnerabilities in its supply chain network.
Although the attack is indirect, bad actors are drawn to supply chain attacks because they give immediate access to a broader set of end users. For example, when remote management vendor Kaseya was breached in July 2021, bad actors were able to immediately spread ransomware to more than 1,500 of its customers.
The number of software supply chain attacks is increasing significantly. Sonatype’s 2021 State of Software Supply Chain report recognizes a 650% year-over-year increase in supply chain attacks from 2015 to 2021. According to the Identity Theft Resource Center (ITRC), there were 19 supply chain attacks in Q4 2020 alone.
Spyderbat captures the causal relationships across every process, network connection, and file access performed by the update.
Once attack techniques are detected, Spyderbat allows the source to be traced immediately back to the third-party update, even if that update was installed months earlier. The attack’s full footprint is revealed because all activity between the previous software update and the current detection is captured, even if the bad actor or malware uses random wait periods between activities.
Because Spyderbat does not rely on log data analysis, the attack trace is captured even if logging systems were disabled (or never enabled to begin with). This allows for full mitigation of the threat, including newly installed backdoors, created user accounts, etc.