Hackers normally rely on trickery and brute-force to break into your computer through the back door. But there’s one form of attack that’s more subtle, effective – and scary.
What if cybercriminals could hijack the very same systems you rely on to protect your computer? It may sound crazy, but that is exactly what a “supply chain attack” does.
What is a supply chain attack?
A normal malware attack is direct – the hacker attempts to compromise your computer head-on, for instance by tricking you into installing a virus or responding to a phishing email. These attacks can be identified and blocked quite easily using anti-malware software and a good firewall that automatically terminates suspicious network activity.
But a supply chain attack is a two-stage process. First, hackers break into the network belonging to a trusted provider of software or services. They then hide malware in official downloads or updates; anyone downloading and installing one of these updates also installs the malware. Ironically, patches designed to fix security problems are particularly effective for these attacks.
News broke earlier this week that Asus computer owners may have fallen victim to this kind of attack. A compromised security update was pushed out to nearly one million users last year using the Asus Live Update tool. Because the update was “official”, none of those infected by the malware realised there was a problem.
And the 2017 NotPetya ransomware attack had similar origins. In that instance, hackers were able to infiltrate the network belonging to CCLeaner, developers of Ukraine’s most popular business accounting software. The ransomware was then sent out with a security update, infecting businesses across Ukraine and beyond.
Protecting against supply chain attacks
Supply chain attacks are so effective because victims are doing the responsible thing, downloading security updates from an official source. People (quite understandably) don’t treat security updates with any suspicion at all – and nor do many anti-malware tools.
Traditional anti-virus scanners that rely on a list of digital “signatures” to identify modern malware are no longer able to keep pace with hackers. Instead, you need a tool like Panda Dome that monitors every application – including those from “trusted” sources, like security updates.
Instead of trying to identify malware directly, Panda Dome looks for patterns of activity that are consistent with malware behaviour, such as an application sending data to an untrusted internet server, or overwriting or deleting files unexpectedly. Any suspicious activity is immediately terminated, and you will see a warning alert to let you know what is happening.
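The two behaviours named above (contacting an untrusted server, unexpected overwrites or deletions) can be expressed as simple rules over process events. This is an added example, not Panda Dome's code or anything from the original article; the process name, hosts, paths, threshold and event format are all constructed for illustration.

```python
from collections import defaultdict

# Constructed baseline: hosts each application is expected to contact and
# the directories it is expected to modify. All names are illustrative.
BASELINE = {
    "vendor_updater.exe": {
        "hosts": {"updates.vendor.example"},
        "dirs": ("C:\\Program Files\\Vendor\\",),
    },
}
DESTRUCTIVE = {"overwrite", "delete"}
MAX_UNEXPECTED_FILE_OPS = 2  # tolerate a little noise before alerting

# Constructed sample events: (process, signed_by_vendor, action, target)
EVENTS = [
    ("vendor_updater.exe", True, "connect", "updates.vendor.example"),
    ("vendor_updater.exe", True, "overwrite", "C:\\Program Files\\Vendor\\app.dll"),
    ("vendor_updater.exe", True, "connect", "collector.untrusted.example"),
    ("vendor_updater.exe", True, "delete", "C:\\Users\\alice\\Documents\\a.docx"),
    ("vendor_updater.exe", True, "delete", "C:\\Users\\alice\\Documents\\b.docx"),
    ("vendor_updater.exe", True, "overwrite", "C:\\Users\\alice\\Documents\\c.xlsx"),
]

def detect(events, baseline=BASELINE):
    """Return alerts for behaviour outside each process's baseline.

    The signed flag is carried through for reporting but never used to
    skip a check: a validly signed update gets the same scrutiny.
    """
    alerts = []
    unexpected_ops = defaultdict(int)
    for proc, signed, action, target in events:
        # Unknown processes get an empty profile, so everything is unexpected.
        profile = baseline.get(proc, {"hosts": set(), "dirs": ()})
        if action == "connect" and target not in profile["hosts"]:
            alerts.append((proc, signed, "unexpected-connection", target))
        elif action in DESTRUCTIVE and not target.startswith(profile["dirs"]):
            unexpected_ops[proc] += 1
            # Alert once, when the count first exceeds the threshold.
            if unexpected_ops[proc] == MAX_UNEXPECTED_FILE_OPS + 1:
                alerts.append((proc, signed, "unexpected-file-changes", target))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Both alerts fire on a process whose update was marked as vendor-signed, which is the supply chain case: the source is trusted, the behaviour is not.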
Successful defence against supply chain attacks is often down to the tools you use.