Published On : Jul 27, 2018
The United States intelligence community has issued a new warning about cyber-espionage risks posed by attacks made via the technology supply chain.
One of the major findings is that China, Russia and Iran are most likely to be behind these attacks. The United States National Counterintelligence and Security Center (NCSC) recently stated that "China, Russia and Iran stand out amongst the most capable and active cyber actors tied to economic espionage and the budding theft of US trade secrets and proprietary information."
The major threat identified in the warning is that attackers are looking for new ways to exploit computer networks via the privileged access given to technology providers. Recently, the NCSC's director William Evanina stated that “Software supply chain infiltration is one of the key threats that corporations need to pay attention to, chiefly how software vulnerabilities are exploited”.
Supply chain attacks can hit many different machines through a single compromise and can be harder to detect than traditional malware attacks. For this reason, Evanina emphasized software supply chain infiltration as a key threat that needs a lot of attention.
It has been further reported that the loss of sensitive information and technologies not only represents a major threat to US national security but also enables Tehran to develop advanced technologies to boost domestic economic growth, modernize its military forces and increase its foreign sales.
Earlier, a report revealed that a computer-cleaning program was the source of a software attack. According to the reports, millions of machines were infected and the hackers had specifically targeted 18 companies, including big names such as Samsung, Asus and Intel.
The use of accountancy software to target Ukraine in the alleged NotPetya attack is another example of a compromised software supply chain. The software was used to file tax returns in Ukraine. It is also important to note that the damage from the attack cost hundreds of millions of dollars.
Considering these issues, the US also raised concerns about foreign technology companies with close links to their domestic governments. It further reportedly cited new laws and guidelines in Russia and China which require reviews of source code.