5 Ways to Protect Software Supply-Chains From Malicious Attackers

Software supply-chain attacks are not a new issue, but security teams need to learn how to manage them correctly.

After a remote attack on SolarWinds in 2020, software supply chains have become a hot topic. Unfortunately, SolarWinds has not been the only victim of a supply-chain attack.

In 2017, the NotPetya attack, delivered through tax accounting software by M.E., had detrimental effects on Ukraine. Shortly after this attack, an advanced backdoor was embedded in one of the code libraries of NetSarang’s server management software. The hacking continued when attackers compromised Piriform’s servers and inserted malware into CCleaner’s releases. In Operation ShadowHammer, malicious attackers targeted the Asus Live Update Utility and inserted a backdoor, affecting more than one million users.

“Shift left” refers to a practice in which DevOps focuses on quality and security earlier in the development process. Shifting left might not be a solution to all security problems and does not remove the need to secure the right side of the DevOps chain, but it should result in less vulnerable production code. A good security strategy should cover both sides of the chain.

Supply-chain attackers commonly target the open-source community and collaborative projects, in part because of the popularity of Python and JavaScript. Developers don’t always have control over the components they use in their software development, which is a problem because hackers can steal SSH credentials or backdoor libraries. Malicious packages have been seen copying SSH credentials and sending them to attacker-controlled websites, or replacing crypto-currency addresses in legitimate software to hijack funds.


Here are five ways that you can protect your organization against supply-chain attackers.

1. Avoid the use of third-party modules

Any third-party module that is used needs to be pulled from the correct repository. The efficiency that third-party modules add to the developer’s process makes it impractical to get rid of them entirely, so they always need to be double-checked before downloading.

2. Look out for threats when using modules created by unknown authors

Avoid using code from Stackoverflow tutorials or other popular forums. Instead, always verify code from multiple independent sources. It can be challenging to identify when the author of a malicious module has changed the code to import a typosquatted malicious module and used SEO tactics to get their tutorial ranked high in searches.

3. Perform automated scans of code submitted in repositories

By following scan results very closely, the team can take action if they detect something unusual in the modules they use. Keep track of imports and automate checks against modules that are known to have been compromised.
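As an added illustration of steps 2 and 3 (example code written for this post, not Radware’s own tooling), the following Python check parses a requirements.txt, flags pinned versions that appear on a known-compromised list, and flags package names that are near-misses of popular packages; the package names, versions and both lists are constructed for the example.

```python
import re
from difflib import SequenceMatcher

# Constructed data (not real advisories): compromised packages -> affected versions ("*" = all).
KNOWN_COMPROMISED = {"evil-utils": {"1.0.2"}, "colour-tools": {"*"}}
# Well-known packages that typosquatters tend to imitate (constructed list).
POPULAR = {"requests", "urllib3", "numpy", "pandas", "cryptography"}

# Constructed requirements.txt content as a CI job might receive it.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
reqeusts==2.31.0
evil-utils==1.0.2
colour-tools==3.4.0
numpy>=1.26
"""

# name, optional operator, optional version; blank and comment lines never match
REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|<=|~=|!=)?\s*([^\s;#]*)")

def parse_requirements(text):
    """Return (name, pinned_version_or_None) pairs with names normalised to lowercase."""
    deps = []
    for line in text.splitlines():
        m = REQ_LINE.match(line)
        if m:
            name = m.group(1).lower().replace("_", "-")
            deps.append((name, m.group(3) if m.group(2) == "==" else None))
    return deps

def looks_typosquatted(name, popular=POPULAR, threshold=0.85):
    """Return the popular package a near-miss name imitates, or None."""
    if name in popular:
        return None
    for p in popular:
        if SequenceMatcher(None, name, p).ratio() >= threshold:
            return p
    return None

def audit(text):
    """Return (package, reason) findings for a requirements file, in file order."""
    findings = []
    for name, version in parse_requirements(text):
        bad = KNOWN_COMPROMISED.get(name)
        if bad and ("*" in bad or version in bad):
            findings.append((name, "known-compromised"))
        target = looks_typosquatted(name)
        if target:
            findings.append((name, f"possible typosquat of {target}"))
    return findings
```

Running `audit(SAMPLE_REQUIREMENTS)` in a CI step and failing the build on any finding turns the manual double-check from step 1 into an automated gate.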


4. Always have a plan made for external services

Malicious code typically uses “command and control channels” or “phone home” features to receive commands from, or exfiltrate sensitive data to, external services. A team can detect malicious attempts earlier if it ensures good visibility into traffic patterns and watches for irregularities.

5. Create an on-premises and cloud strategy

Use enterprise EDR and application-level gateways, centralized logs, and run anomaly detection across all collected data and events when working on-premises.

Use automated systems that track activity and detect anomalies in the cloud. Major public cloud providers already have facilities that let teams collect events and data to detect irregular behavior, but these tools need to be enabled. This is especially helpful given the agility of DevOps practices that create and destroy cloud environments for research, development, and testing. Always stay attentive because eventually, any malware or backdoor will exhibit anomalous behavior and expose itself. Try to keep false positives limited so the detection remains usable.

Protecting against supply-chain attacks is imperative for companies and organizations. A single small mistake in the supply chain can put a company’s data at risk, so these attacks need to be prevented rather than merely cleaned up afterwards.

The content from this post was sourced from an article our Radware team was interviewed for in SC Magazine.
