What Is A "Supply Chain Attack"?

You've heard about the SolarWinds attack, nicknamed Sunburst.

The list of victims is long, and growing.

Everyone is trying to control the damage.

The victims did nothing wrong, other than trusting an otherwise trustworthy organization.

And it has echoes of the 1982 Chicago Tylenol Murders.

And that's a great way to understand a "Supply Chain Attack."

Let's do some quick time traveling back to the 80s - I know you want to blow out that hair and pop in some Bon Jovi on the 8-track, but this is serious.

In September of 1982, several people died suddenly. Healthy people. All died of cyanide poisoning.

That doesn't just happen.

Everyone lived in suburban Chicago, with some people even in the same family, living in the same home.

Initial confusion led to fear, which drove investigations.

In due time, officials realized the common thread: all victims recently took Tylenol. While this still left a lot of unanswered questions, the first response was to avoid Tylenol completely.

Further investigation uncovered the supply chain tampering.

What happened?

Police determined that a still-unknown criminal acquired bottles of Tylenol from local Chicago retailers. The unsub opened the bottles and put in the killing agent, cyanide.

From there, the perp snuck the bottles back into stores and neatly placed them on shelves for unsuspecting victims to purchase.

Sadly, people died, and police never identified the criminal.

How does this relate to the SolarWinds attack?

Cybercriminals strategically hacked one element of the supply chain, and it affected numerous downstream consumers.

The hackers (purportedly of Russian origin) first compromised SolarWinds. Next, they compromised the company's trusted update software.

From there, they hijacked an update to the company's Orion platform - used widely in government and across the Fortune 500.

When SolarWinds clients (those governments and big businesses) updated their software, the malicious code slipped right in.

Just like the Tylenol tragedy, the costs of the Sunburst attack are enormous.

And just like the Tylenol case, it just took one strategic criminal, hitting at the right place, to cause severe harm.

While much of the Sunburst damage is in data and dollars, the 21st century's collision of the digital and physical world can lead to disastrous physical consequences.

Both of these stories are absolutely awful.

When it comes to the digital world, the good news is that these attacks can be avoided.

Virtually every attack starts in the exact same way. (And yeah, it looks like that's exactly what happened at SolarWinds, too!)

They all start with Phishing emails.

The next best step is training your team to avoid the initial Phishing email, the ones that organizations are getting every single day.

Are you ready to take action?
We make it easy to protect your team from attacks just like this one. Find out how to protect your team with INFIMA's Automated Security Awareness platform.

Start with a quick quote - hit us up here! (No sales call necessary!)