3. Agenda
What are Supply Chain Attacks
Attack Vectors
In The News
Anatomy of an Attack
Defending against SCA
4. What are Supply Chain Attacks
• Value chain attack / 3rd party attack
• Compromise of enterprise networks -> via applications, 3rd party entities
• Executed by APT groups
• Who is the target?
5. Attack vectors
• Third party software providers
• Data storage solutions
• Development or testing platforms
• Website services
• Repositories
7. Anatomy of an Attack – Kaseya Ransomware
• Happened on July 2, 2021
• Kaseya VSA servers were exploited to deploy ransomware downstream to users
• Kaseya VSA Agent Hot-Fix <- Malicious task
• Ransomware encryptor pushed agent.crt → agent.exe
• Used DLL sideloading against Windows Defender -> REvil -> Registry Key
• Were timed to encrypt at 1630 UTC
• Affected around 60 customers and 1500+ businesses
11. Anatomy of an Attack – 3CX
• 3CX systems were infected with TaxHaul malware on Windows and SimpleSea on macOS
• Used Fast Reverse Proxy to move laterally
13. Anatomy of an Attack – 3CX
• Initial Response
• Determine scope of exploited installs
• Hunt for the IOCs – connections to the domains and hashes
• Hunt for child processes of the Desktop App
• Hunt for suspicious loading of the DLL files
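The three hunts above, run over endpoint telemetry, as an added example that is not part of the original slides. It assumes Sysmon-style events (IDs 1, 7 and 22) exported as dictionaries; the image name, the child-process baseline, the IOC values and all sample events are placeholders or constructed.

```python
import ntpath

# Assumptions (not from the slides): Sysmon-style field names, the app's image
# name, the child-process baseline, and placeholder IOC values.
APP_IMAGE = "3cxdesktopapp.exe"
EXPECTED_CHILDREN = {"3cxdesktopapp.exe"}   # assumed baseline, tune per fleet
IOC_DOMAINS = {"ioc-domain.example"}        # placeholder, fill from the advisory
IOC_HASHES = {"0" * 64}                     # placeholder SHA-256

def _name(path):
    return ntpath.basename(path or "").lower()

def _sha256(hashes):
    # Sysmon "Hashes" looks like "MD5=...,SHA256=..."
    for part in (hashes or "").split(","):
        algo, _, value = part.partition("=")
        if algo.strip().upper() == "SHA256":
            return value.strip().lower()
    return None

def hunt(events):
    """Return (host, reason, detail) for each event matching one of the hunts."""
    findings = []
    for ev in events:
        eid, host = ev.get("EventID"), ev.get("Computer", "?")
        if eid in (1, 7) and _sha256(ev.get("Hashes")) in IOC_HASHES:
            findings.append((host, "ioc_hash", ev.get("ImageLoaded") or ev.get("Image")))
        if eid == 1 and _name(ev.get("ParentImage")) == APP_IMAGE:
            if _name(ev.get("Image")) not in EXPECTED_CHILDREN:
                findings.append((host, "unexpected_child", ev.get("Image")))
        elif eid == 7 and _name(ev.get("Image")) == APP_IMAGE:
            if ev.get("SignatureStatus") != "Valid":   # heuristic only
                findings.append((host, "unsigned_dll_load", ev.get("ImageLoaded")))
        elif eid == 22:
            q = (ev.get("QueryName") or "").lower().rstrip(".")
            if any(q == d or q.endswith("." + d) for d in IOC_DOMAINS):
                findings.append((host, "ioc_domain", q))
    return findings

APP = r"C:\App\3CXDesktopApp.exe"           # constructed path
SAMPLE_EVENTS = [                           # constructed telemetry
    {"EventID": 1, "Computer": "ws01", "ParentImage": APP, "Image": APP},
    {"EventID": 1, "Computer": "ws02", "ParentImage": APP,
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 7, "Computer": "ws02", "Image": APP, "SignatureStatus": "Valid",
     "ImageLoaded": r"C:\App\sample.dll", "Hashes": "MD5=ab,SHA256=" + "0" * 64},
    {"EventID": 7, "Computer": "ws03", "Image": APP, "SignatureStatus": "Unavailable",
     "ImageLoaded": r"C:\App\other.dll", "Hashes": "SHA256=" + "1" * 64},
    {"EventID": 22, "Computer": "ws03", "QueryName": "cdn.IOC-domain.example."},
    {"EventID": 22, "Computer": "ws01", "QueryName": "notioc-domain.example"},
]
```

A validly signed DLL that matches an IOC hash is still reported, since the signature check is only a heuristic and the hash match is evaluated independently of it.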
15. Defending Against SCA
• Have security guidelines for suppliers
• Vulnerability management system
• Good software inventory
• Enforce change control
• Restricted access rights / controls
• Identify alternatives / failover processes
• Well defined SDLC and secure coding practices
• Protect code and repositories