The hidden risks with third-party software and how you can mitigate them
Following several high-profile third-party software security breaches, IFB’s Kehinde Obafemi discusses in our latest blog how the third-party tools your business relies on every day can add another security threat to your organisation, using a case study of a recent breach, along with ways you can mitigate such threats.
Almost all organisations around the world, from large corporations to medium and small-scale companies, use third-party software and services in their day-to-day business activities.
To put this into perspective, large and medium-sized businesses using a configuration and network management tool such as SolarWinds to manage their network infrastructure, and a small-scale business operating a convenience store and using a store payment service such as PayPoint or PayPal, are all using a third-party service.
Third-party services can also take the form of applications commonly used by many business professionals, such as Microsoft 365 or Sage server for accounting.
Regardless of its size, every business relies on at least one third-party service or product to run effectively.
This third-party service or product is part of every organisation’s supply chain, and an attack against a third-party provider or its service or product will most certainly have a ripple effect on its customers.
Below is a short case study of the cyber-attack carried out against SolarWinds.
What has happened?
A supply chain security breach involving the SolarWinds Orion system.
Suspected state-affiliated groups launched a malware (malicious software) attack on one of SolarWinds’ tools, the Orion Build Server.
The malware was inserted into software updates, which appeared legitimate and were downloaded by a significant number of SolarWinds customers. SolarWinds has a customer base of hundreds of thousands of organisations globally. About 33,000 of these customers were affected.
Why has it happened?
The threat actors (cyber criminals) most likely cracked the credentials required to gain access to the build server, which enabled them to insert the malicious code into the software updates.
What effect could the attack have on businesses?
Because SolarWinds provides configuration and network management tools, its products sit at the centre of its customers’ infrastructure and hold the login credentials for all devices within the organisation’s infrastructure. This means the threat actors can spy on affected customers and exfiltrate data at will.
As seen above, threat actors do not need to attack an organisation directly to infiltrate its infrastructure. Because all businesses rely on third-party services and products, an attack can be launched on any organisation, whether it is a large corporation or an SME.
What could you do to limit the effects?
Cultivate the habit of not using the same password on numerous sites
Where possible use multiple forms of authentication to access your end devices
Have a password repository
Always adopt a zero-trust policy for your incoming mail. Do not open an email attachment or link that you feel is suspicious.
All applications installed on company resources need to be vetted by your IT team.