Threat Intelligence: The Ever-Present Danger of Supply Chain Attacks - D1defend D1defend


Threat Intelligence: The Ever-Present Danger of Supply Chain Attacks

Posted: December 8, 2023

The situation with the Citrix Bleed vulnerability has escalated.   

At least 60 credit unions across the U.S. have been knocked offline by a ransomware attack against their third-party cloud provider in the past few days. Citrix Bleed was the attacker’s way in, but this email isn’t just about another vulnerability.

This email is about something far worse: supply chain attacks! We’re seeing case after case of devastating supply chain attacks that are crippling critical infrastructure, leaving everyday businesses as victims. 

One of the largest examples of this unfolded on July 2, 2021, against Kaseya, a Miami-based software company. The case brings into focus the level of damage that a supply chain attack can inflict: the attack against Kaseya disrupted nurseries, schools, pharmacies, and supermarkets in 17 countries. Millions of people were impacted.

Supply chain attacks are tricky because they work through existing relationships, and you can’t simply block them. Your MSP’s reputation is on the line, and guess what? If hackers use you to get to your clients, your clients are in danger because of you. So, if you don’t take proactive steps, you’ve unknowingly added Trojan horse software to your whitelists.

Throughout 2023 we’ve seen attack after attack.  You may remember some of the major ones: 

  • February 2023 – Applied Materials Supply Chain Attack: A key partner of Applied Materials was targeted, causing a staggering $250 million loss in Q1 2023. This caused significant shipment delays and financial turmoil! 
  • February 2023 – University of San Francisco Attack: Imagine a doctor not being able to operate because a system is offline for several days. Staff members were unable to access records or schedule surgeries, and personal information belonging to clinical trial participants was stolen.
  • March 2023 – 3CX Supply Chain Attack: Malware was silently delivered to and hidden in a number of client organizations. It acted as a ticking time bomb, with the hackers in control of the detonator switch.
  • June 2023 – MOVEit Supply Chain Attack: Personal data and flight safety were compromised in a massive breach, compromising travel security for thousands.

Supply chain attacks are no joke. We anticipate more issues around supply chain attacks with entryways such as the Citrix Bleed vulnerability.

Once you deploy a product, your vendor is given unchecked access to your network. You need to commit to becoming vigilant and increasing the readiness of your MSP and your clients. 

What’s the solution? Start by using a Level 1 pen test to see if you find any vulnerabilities in your client’s environment. 

Then, meet with the client to establish a recurring cadence with comprehensive, Level 3 pen tests that demonstrate supply chain attack vectors. One weak link can totally devastate your reputation, and it’s important that you’re not blindsided by that reality. 

Having a comprehensive test done regularly is the major line of defense to stop a supply chain compromise. You can use your quarterly meetings to guide clients from basic defense to a powerful, layered shield of defense.

As you continue to prepare your clients to survive a supply chain risk in the New Year, we want you to know that we’ve got your back. We’ll be adding additional details related to supply chain attacks in our pen test findings to ensure you don’t become a victim of a hacker with unchecked control over your clients. 

Please don’t ignore this invisible threat. Reach out to your PSM about recurring Level 3 pen tests for you and your clients today, before a mistake that some other company made becomes your problem.