Preparing to Defend the Lesser Targeted Systems in the Supply Chain


In the last year, supply chain trust and security challenges have been top of mind and continue to require executive attention even now. In addition to global supply and demand challenges, new attack methodologies have been identified that pursue parts of the supply chain that historically haven’t been targeted. While this is certainly cause for concern, their success is not a foregone conclusion. It requires proportional attention in terms of cybersecurity and proactive steps taken before the problem arises.

New areas of exploitation

In the coming year, traditional targets will remain high on the menu for cybercriminals, but we expect to see new areas for exploitation that include some of the previously lesser-targeted systems.
This includes Linux, which many networks use for back-end computing systems. As the popularity of Linux has grown, so has its popularity as a target for attackers. New malicious binaries have recently been detected targeting Microsoft’s WSL (Windows Subsystem for Linux), a compatibility layer for running Linux binary executables natively on Windows 10, Windows 11 and Windows Server 2019. Attackers are also already writing botnet malware for Linux platforms.
It is now just as common to see attacks against Linux operating systems and the applications running on them as attacks against Windows operating systems. An added factor is that Windows has gained more Linux-type capabilities, so the same types of attacks are becoming common across platforms, which makes life easier for attackers who target Linux systems.
These circumstances further expand the attack surface into the core of the network and increase the threats that require innovative and proactive defense. This has ramifications for operational technology (OT) devices, and for supply chains in general, that run on Linux platforms.

Defending the expanding attack surface

IT and OT leaders need a comprehensive, integrated security approach to defend against this new wave of threats. Organizations need to replace point products with security devices designed to interoperate as a unified solution regardless of where they are deployed. They need to protect every user, every device and every application with a unified policy that can track data and transactions from end to end. Centralized management will enable the consistent enforcement of policies, the prompt delivery of configurations and updates, and the central collection and correlation of suspicious events that may occur anywhere across the network—including to, between and within cloud environments.
Moving forward, a strong recommendation is that enterprises continue this momentum by hardening their Linux and other traditionally lower-profile devices. They should also have tools in place designed to protect against, detect and respond to threats that target these devices. In the same vein, enterprises need to take a security-first approach when adopting new technologies, whether upgrading Windows-based systems or adding satellite-based connectivity, to ensure that protections are in place before adding them to the network. Additionally, embracing behavioral analytics is foundational to detecting “left hand” threats. Spotting and blocking an attack during initial reconnaissance and probing can raise threat awareness and prevent problems arising later in the attack chain.
Detection and prevention are key attributes in this war against evolving cyber-attack tactics and techniques. Adoption of security solutions should be based on their ability to detect and prevent both known and unknown threats and to respond to active threats in real time, before attackers can establish beachheads or deliver malicious payloads. In addition, artificial intelligence (AI) and machine learning (ML) capabilities can be deployed pervasively across the network to baseline normal behavior, respond instantly to changes, and detect and disable sophisticated threats before they can execute their payloads. Such a pre-emptive strategy is essential for correlating the massive amounts of collected data to detect malicious behavior, including using threat feeds and attack profiles to predict the most likely places an attack may occur and proactively bolstering those defenses. Other advanced technologies, such as deception, should also be considered to turn a traditionally passive network into an active defense system.

Securing the supply chain

Threats show no sign of slowing down, and OT leaders need to take action now. This includes securing components and operations of your network architecture that previously went unnoticed by attackers. The time to act is now, before such attacks become rampant and it’s too late to make the needed critical changes. Digitally connected IT/OT enterprises demand deep integration, automation and broad deployment. They also require hyper-scalability and high performance. These components must all be present and work together to safeguard, and ultimately to trust, today’s supply chains.

About The Author

Rick Peters is the CISO for Operational Technology, North America for Fortinet Inc., delivering cybersecurity defense solutions and insights for the OT/ICS/SCADA critical infrastructure environments. He is charged with overseeing growth of Fortinet’s penetration into the largest global OT marketspace. That charge entails identifying and partnering to gain traction on existing OT business campaigns as well as targeting emerging customer opportunities.
Immediately prior, he served as the director of operational technology, global enablement for Fortinet. In this capacity, Mr. Peters enabled OT business growth by partnering with Fortinet OT security, sales and marketing counterparts. The success realized in EMEA and APAC over two years keyed recognition and a strategic transition to focus on North America as the largest target marketspace in 2020.
