Supply chain attacks are set to be a major threat to many businesses in Australia and the Asia-Pacific (APAC) region going forward.
The increased risk stems from the region's growing adoption of open-source software during the pandemic, which leaves organisations exposed to malicious supply chain attacks and other compromises.
For context, open-source software is considered more vulnerable because its source code is publicly readable, meaning attackers can more easily find vulnerabilities and plan attacks against them.
A large number of open-source vulnerabilities have been discovered in recent history too, including the infamous Log4Shell, a zero-day vulnerability in the popular Log4j Java logging framework.
Supply chain attacks, as the name suggests, involve bad actors targeting third-party developers, such as those of open-source code. As a result, one attack can affect countless businesses.
In an interview with SecurityBrief Australia, deputy chief information security officer of LogRhythm Kevin Kirkwood shared trends he believes will shape the APAC region’s cyber ecosystem.
“With the region’s high reliance on open-source software, organisations are likely to be perceived as prime targets to cyber threats from supply chains,” he said.
“In 2023, we will see bad actors attack APAC’s vulnerabilities in low-hanging open-source vendors with the intention of compromising the global supply chain that utilises third-party code.”
Supply chain attacks have had dramatic effects in the past, such as the SolarWinds hack in 2020, in which cyber criminals exploited a vulnerability in the SolarWinds Orion platform that allowed them to impersonate users and accounts at the thousands of companies using it.
SolarWinds clients included government agencies and multinational corporations. According to Microsoft, the Nobelium hacking group that was alleged to have carried out the attack gained access to around 3,000 email accounts across 150 organisations.
The potential scale of supply chain attacks is massive, and as adoption of open-source software in the Asia-Pacific region increases, a part of the world that is already attractive to attackers becomes increasingly lucrative.
However, as a survey conducted by ReversingLabs points out, businesses are aware of the issue and will likely change how they think about security.
For example, 98 per cent of respondents agreed that third-party and open-source software, and software tampering, are indeed a risk.
“If data from the past three years is any indication, attacks on software supply chains will increase in both frequency and severity in 2023, as they have in each of the last three years,” said ReversingLabs.
“That, along with new regulations and guidance intended to address supply chain risk, will put new pressure on development organisations and enterprises.
“Going forward, ReversingLabs researchers anticipate a shift in both security thinking and investment.
“Expect to see increased scrutiny of both internal and shared code for evidence of secrets such as access credentials for cloud-based services like AWS and Azure; SSH, SSL and PGP keys, and assorted other access tokens and API keys.”
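The kind of scrutiny the ReversingLabs quote anticipates, checking shared and internal code for leaked cloud credentials, private keys and API tokens, is usually automated with a secret scanner. The following is an added illustration, not code from ReversingLabs or from this article: a small pattern-based scanner that flags AWS access key IDs, PEM-style private key blocks (SSH, RSA, PGP) and generic `key = value` assignments, and uses Shannon entropy to skip obvious placeholder values. The sample configuration it scans is constructed for the example; the AWS values in it are the publicly documented AWS example keys, not live credentials, and the pattern set is deliberately minimal compared with a production tool.

```python
import math
import re
from collections import Counter
from typing import Dict, List

# Minimal pattern set (assumption: enough to cover the secret types named in
# the article; production scanners ship hundreds of such signatures).
PATTERNS: Dict[str, re.Pattern] = {
    # AWS access key IDs: AKIA (long-term) or ASIA (temporary) + 16 upper-case alphanumerics
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    # PEM header shared by RSA/EC/DSA/OpenSSH keys and PGP private key blocks
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |DSA |OPENSSH |PGP )?PRIVATE KEY(?: BLOCK)?-----"
    ),
    # Generic "something_secret = <value>" assignment; the value is captured in group 1
    "generic_api_key_assignment": re.compile(
        r"(?i)(?:api[_-]?key|secret|token|password)[\w.-]*\s*[:=]\s*"
        r"['\"]?([A-Za-z0-9_\-/+=]{16,})['\"]?"
    ),
}


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; real tokens score high, 'xxxxxxxx' scores 0."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value: str) -> str:
    """Keep just enough of a hit to locate it in the file without re-leaking it."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "***"


def scan_text(text: str, source: str = "<input>", entropy_threshold: float = 3.5) -> List[dict]:
    """Return one finding per matched pattern per line, with the value redacted."""
    findings: List[dict] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                value = match.group(1) if match.groups() else match.group(0)
                # Drop low-entropy placeholders such as "changeme" or a run of x's
                if kind == "generic_api_key_assignment" and shannon_entropy(value) < entropy_threshold:
                    continue
                findings.append(
                    {"source": source, "line": lineno, "kind": kind, "value": redact(value)}
                )
    return findings


# Constructed sample config for this example. The AWS values are the example
# keys published in AWS documentation, not real credentials.
SAMPLE_CONFIG = """\
# constructed sample file for the example, not real credentials
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
db_password = "xxxxxxxxxxxxxxxxxxxx"
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZWQ
-----END OPENSSH PRIVATE KEY-----
"""


if __name__ == "__main__":
    for finding in scan_text(SAMPLE_CONFIG, "constructed.cfg"):
        print(f"{finding['source']}:{finding['line']}: {finding['kind']} -> {finding['value']}")
```

Running it reports the AWS key ID on line 2, the secret access key on line 3 and the private key header on line 5, while the all-x placeholder password on line 4 is suppressed by the entropy check. In practice a scanner like this is wired into a pre-commit hook or a CI job so that a leaked credential is caught before it reaches a shared repository.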