b'Whatis a Supply Chain At t ack?Jack Gerbs, QuanexusThe SolarWinds attack inunknowingly add the malware to their the news has brought upsystems.many new terms thatThe SolarWinds attack is greatly may not be familiar toconsequential for two reasons. First, the business owners.TodayOrion tool is a Network Management System, we are going back-to-meaning the hackers gained access at the basics to discuss supplynetwork level, and had the same permissions chain attacks. the management tool had. This allowed Every business uses third party software and hardware. Even the smallest business has to communicate with vendors and customers, receive, ship, bill, and inventory. A supply chain attack occurs when criminals infiltrate your system through an outside partner or provider with access to your systems and data. When a supply chain attack occurs, hackers have access to the same data and permissions the software infiltrated has access to.Attackers target software developers and suppliers looking for access to source code, or update tools. The goal is to infect a legitimateattackers to change network settings, move piece of software and use that software tolaterally through the network, and also target distribute malware to customers. Hackersthe user level. break into manufacturers? servers and hide malware in software updates. When theseSecond, the Orion tool is used by large updates are pushed out by trusted vendors,corporations, and the US Government. The the updates are certified as safe. CustomersSolarWinds Network Management System is who are following sound IT practices patch andused by 425 of the US Fortune 500.update their systems regularly, and Many of the large cyber-attacks that make the news are supply chain attacks. The Target breach in 2014 was blamed on a third-party vendor, as well as the Equifax breach in 2017. The SolarWinds attack is the largest and most consequential supply chain attack we have seen, but it follows a pattern well established in the cyber crime landscape.www.ohiomasonry.org 3'