Threat Landscape for Supply Chain Attacks#

With half of the attacks being attributed to Advanced Persistence Threat (APT) actors, their complexity and resources greatly exceed the more common non-targeted attacks, and, therefore, there is an increasing need for new protective methods that incorporate suppliers in order to guarantee that organizations remain secure.

Supply chain refers to the ecosystem of processes, people, organizations, and distributors involved in the creation and delivery of a final solution or product5. In cybersecurity, the supply chain involves a wide range of resources (hardware and software), storage (cloud or local), distribution mechanisms (web applications, online stores), and management software.
There are four key elements in a supply chain:

  • Supplier: is an entity that supplies a product or service to another entity.

  • Supplier Assets: are valuable elements used by the supplier to produce the product or service.

  • Customer: is the entity that consumes the product or service produced by the supplier.

  • Customer Assets: are valuable elements owned by the target.

An entity can be individuals, groups of individuals, or organizations. Assets can be people, software, documents, finances, hardware, or others.

A supply chain attack is a combination of at least two attacks. The first attack is on a supplier that is then used to attack the target to gain access to its assets. The target can be the final customer or another supplier. Therefore, for an attack to be classified as a supply chain one, both the supplier and the customer have to be targets.

Enisa pulished a great report on Supply Chain Attacks. This report aims at mapping and studying the supply chain attacks that were discovered from January 2020 to early July 2021.

Download the report , published: July 29, 2021

Attribution for the content of this section Enisa: Enisa is a the European Union Agency for Cybersecurity.