What is a Supply Chain Attack?

By: Jack Gerbs, Quanexus

The SolarWinds attack in the news has brought up many new terms that may not be familiar to business owners. Today we are going back-to-basics to discuss supply chain attacks.

Every business uses third party software and hardware. Even the smallest business has to communicate with vendors and customers, receive, ship, bill, and inventory. A supply chain attack occurs when criminals infiltrate your system through an outside partner or provider with access to your systems and data. When a supply chain attack occurs, hackers have access to the same data and permissions the software infiltrated has access to.

Attackers target software developers and suppliers looking for access to source code, or update tools. The goal is to infect a legitimate piece of software and use that software to distribute malware to customers. Hackers break into manufacturers' servers and hide malware in software updates. When these updates are pushed out by trusted vendors, the updates are certified as safe. Customers who are following sound IT practices patch and update their systems regularly, and unknowingly add the malware to their systems.

The SolarWinds attack is greatly consequential for two reasons. First, the Orion tool is a Network Management System, meaning the hackers gained access at the network level, and had the same permissions the management tool had. This allowed attackers to change network settings, move laterally through the network, and also target the user level. Second, the Orion tool is used by large corporations, and the US Government. The SolarWinds Network Management System is used by 425 of the US Fortune 500.

Many of the large cyberattacks that make the news are supply chain attacks. The Target breach in 2014 was blamed on a third party vendor, as well as the Equifax breach in 2017. The SolarWinds attack is the largest and most consequential supply chain attack we have seen, but it follows a pattern well established in the cybercrime landscape.

Quanexus
571 Congress Park Dr.
Dayton, OH 45459
quanexus.com
PH: 937.885.7272

www.ohioroofing.com