Joel Fulton, CEO at Lucidum

Supply Chain Attacks: Escalation and Evolution by Foreign Nation States

In Episode 6 of Know Your Adversary™, we detail a supply chain attack against a security software company that occurred in 2007 and then again in 2015. Foreign nation state adversaries conducted detailed reconnaissance and knew when a router was going to be rebooted for maintenance updates. When the router rebooted, the attackers "slipped through the crack" into the software provider's network by exploiting a vulnerability in that router model, which gave them a foothold in the provider's environment. The attackers then attempted to escalate and compromise the certificate authorities, with the aim of moving upstream to compromise the software provider's customers. Luckily, knowledge of a previous attack that occurred five years ago, compliance checks, and properly configured alerting contained the incident before it became a large-scale breach.

Our guest is Lucidum CEO Joel Fulton, formerly a security practitioner at the security software company.

Here are some of the key takeaways from the episode:

  1. Supply chain attacks have been a common vector for many years, but they are becoming more sophisticated, as the SolarWinds and Kaseya attacks showed.
  2. Appropriate compliance controls allowed the software provider to retain redundant visibility through internal telemetry after the adversary wiped the router's memory. The provider was able to show that the attack was contained within the first two hours of the router exploitation and that the attacker went no further.
  3. Threat intelligence, including external attack surface monitoring, is critical for detailing the reconnaissance actually being conducted against the enterprise, rather than vague threats to the broader industry.
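The second takeaway, that telemetry forwarded off the router survived the wipe of its memory and let the provider bound the intrusion to a two-hour window, can be illustrated as a detection rule run over the collector's copy of the logs. The following is an added example and is not code from the episode, from Lucidum or from the software provider; the log format, host name, addresses, user names and the policy it checks (a management network for logins, an allow-listed outbound destination) are all constructed assumptions.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample of router events as they would sit on an off-box log
# collector (timestamp host event key=value ...). The format and every value
# are invented for this example; they are not logs from the episode or from
# any vendor. Because this copy lives on the collector, wiping the router's
# own memory does not erase it.
SAMPLE_LOGS = """\
2015-03-02T01:58:10Z edge-rtr-1 reboot reason=scheduled-maintenance
2015-03-02T02:01:44Z edge-rtr-1 boot-complete
2015-03-02T02:06:12Z edge-rtr-1 login user=netops src=10.1.1.5
2015-03-02T02:15:40Z edge-rtr-1 login user=netops src=203.0.113.77
2015-03-02T02:16:02Z edge-rtr-1 config-change user=netops via=vty
2015-03-02T02:17:30Z edge-rtr-1 outbound dst=198.51.100.9 port=443
2015-03-02T06:30:00Z edge-rtr-1 login user=netops src=10.1.1.5
"""

# Hypothetical policy: admin logins only from the management network,
# configuration changes only from the console, and the only expected
# outbound connection after a maintenance reboot is to the patch mirror.
MGMT_NET = ip_network("10.1.1.0/24")
ALLOWED_OUTBOUND = {"10.1.1.20"}


def parse_line(line):
    """Parse one collector line into a dict; return None for blank or malformed lines."""
    parts = line.split()
    if len(parts) < 3:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[3:] if "=" in p)
    return {"ts": ts, "host": parts[1], "event": parts[2], **fields}


def parse_logs(text):
    """Parse all lines, silently dropping the ones parse_line rejects."""
    return [ev for ev in (parse_line(ln) for ln in text.splitlines()) if ev]


def post_reboot_findings(events, window_hours=2.0):
    """Flag policy violations that occur on a host within `window_hours`
    after that host's most recent reboot. The default two-hour window
    mirrors the containment window described in the episode.
    Returns a list of (iso_timestamp, host, reason) tuples in time order."""
    window = timedelta(hours=window_hours)
    last_reboot = {}
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        host = ev["host"]
        if ev["event"] == "reboot":
            last_reboot[host] = ev["ts"]
            continue
        start = last_reboot.get(host)
        if start is None or ev["ts"] - start > window:
            continue  # outside any post-reboot window: not in scope for this rule
        reason = None
        if ev["event"] == "login":
            src = ev.get("src")
            if src is None or ip_address(src) not in MGMT_NET:
                reason = f"login from outside management network: {src}"
        elif ev["event"] == "config-change" and ev.get("via") != "console":
            reason = f"remote configuration change via {ev.get('via')} by {ev.get('user')}"
        elif ev["event"] == "outbound" and ev.get("dst") not in ALLOWED_OUTBOUND:
            reason = f"unexpected outbound connection to {ev.get('dst')}"
        if reason:
            findings.append((ev["ts"].isoformat(), host, reason))
    return findings


if __name__ == "__main__":
    for when, host, why in post_reboot_findings(parse_logs(SAMPLE_LOGS)):
        print(f"{when} {host}: {why}")
```

On the constructed sample, the rule ignores the expected post-reboot login from the management network, flags the login from an outside address, the remote configuration change and the unexpected outbound connection that follow it within the window, and ignores the routine login hours later. The value of the approach is not the specific rule but that the evidence it runs over is held off the device, so an attacker who clears the router's memory cannot remove it.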