By: Justin Fier, Director of Cyber Intelligence and Analysis at Darktrace
Back in January 2021, we predicted that supply chain attacks would overtake CEO fraud. But no one anticipated how pertinent supply chains would become.
From blockages in the Suez Canal to microchip shortages affecting automotive production, from fighting for toilet paper rolls to Australian gas prices spiking because Colonial Pipeline stopped operations, 2021 showed us that our major supply chains are not only vulnerable but critical to our daily lives.
Countries and organizations are only just realizing their dependency on global systems and third-party vendors. Whether it’s meat, oil, or software, threat actors have increasingly targeted security vulnerabilities to bring production lines to a standstill. The recent string of high-profile supply chain attacks, including SolarWinds and Kaseya, has taken the world by storm.
Paradoxically, these interlinked economies are part of the reason conflict has not escalated. In an age of Big Tech and transnational corporations, ideas of national production, trade sanctions, and firm borders seem untenable.
Amateurs talk strategy, professionals talk logistics
Nothing about this should come as a surprise. The supply system has been a target for as long as warfare has existed. Logistics – the practice of having your bullets and bread in the right place at the right time – is one of the core pillars of war. The term was coined by Antoine-Henri Jomini, a general under Napoleon, who argues in “The Art of War” that although strategy and tactics comprise the conduct of warfare, logistics is the means. Without logistics in place, defeat is inevitable.
At the time of writing, the size of Napoleon’s campaigns required a new approach. Napoleon had amassed the largest army Europe had ever seen. He secured swift victories across the continent through effective logistics management, including ‘living off the land’ techniques, agreements with allies, military train regiments, and even turning a whole city into a supply center during the Ulm Campaign.
And yet, logistics ultimately led to Napoleon’s downfall. In 1812, as the Russian troops retreated, burning everything in their wake, Napoleon’s Grande Armée ran out of supplies and were forced to eat their horses – and eventually each other. Only 2% of the army survived.
“The masterpiece of a successful general is to starve his enemy” – Frederick the Great
By the 20th century, attacking the supply system had become a central part of offensive campaigns. Cutting off supplies during the Blockade of Germany played a decisive role in the Allied victory. Since then – from the tonnage wars to strafing to flying in provisions during the Berlin Airlift – logistics have proven influential in determining a conflict’s outcome.
Brave old world
Therefore, this year’s disruption of supply chains is nothing new – it is simply a continuation of age-old military strategy. In World War I, ships were a subversive force used in naval blockades to cut off supply lines. In World War II, aircraft allowed the attacker to strike behind enemy lines and destroy supply vehicles and railway infrastructure. Now, adversaries are leveraging cyber in the same way: to undermine physical borders and bring a supply system to its knees.
Some cyber-attacks disrupt the supply chain; others leverage the supply chain to spread. The latter are particularly dangerous because they exploit our human tendency to trust. If an email comes from a trusted source or an application is managed by a trusted supplier, we tend to let our guard down. So rather than trying to breach large companies directly, threat actors can get in through a side door, using one undefended individual to compromise an organization – and then an entire system.
The two types are not mutually exclusive. NotPetya infected its victims through a Ukrainian tax software program, which eventually led to Maersk, the largest container shipping company in the world, halting operations for nearly two weeks.
Hitting the consumer where it hurts
Nation-states have used this tactic for espionage, as we saw with SolarWinds and the Hafnium campaigns, and organized crime has done the same to hold large numbers of businesses to ransom. We’ve heard of double extortion ransomware, but the emergence of triple extortion – where ransomware actors threaten not only the victim but also any related third parties or customers, demanding a ransom to keep the data private – signals a new avenue of profitability for cyber-criminals.
Nor should we be surprised that the supply chain has fallen simultaneously into the firing line of cyber-crime and cyber-war. In the words of Henry E. Eccles, a rear admiral in the U.S. Navy, logistics is an economic element of the military, but equally a military element of the economy. Logistics bridges the gap between economics and warfare; the supply chain is pivotal for both.
Underestimating your supply chain risk can therefore have serious consequences for your business, just as it would for a battle. How your suppliers work, the defenses they have in place, and what happens if they get compromised are all essential questions to ensure your company’s success. A cybersecurity posture that can detect third-party breaches, a tonal language shift in an email, or a binary from a trusted source acting anomalously is an essential layer of any defensive solution.