Kaspersky-crowdstrike-Supply Chain-2024

In an increasingly interconnected world, reliance on technology such as smartphones, notebooks, and critical infrastructure systems is paramount. This dependence is supported by regular software and security updates from manufacturers, forming a complex supply mesh that facilitates international trade, travel, and commerce. However, this intricate network can also become a vulnerability, as demonstrated by the recent catastrophic incident involving CrowdStrike, a US-based cybersecurity company.

On July 19, 2024, a routine content configuration update by CrowdStrike triggered an unprecedented global crisis. The update, intended to enhance the protection mechanisms of CrowdStrike’s Falcon platform, resulted in a continuous reboot loop for over 8.5 million Windows machines worldwide. This malfunction effectively halted operations across critical infrastructure sectors, including hospitals, banks, airlines, and government agencies. The affected systems were primarily Windows hosts running sensor version 7.11 and above, which were online during the update release period. While Mac and Linux hosts were not impacted, the incident exposed the potential aftermath of a perfectly executed supply chain attack, even though this particular scenario was not initiated by any Advanced Persistent Threat (APT) groups.

Kaspersky experts have highlighted the significance of this event, noting that it demonstrates the critical vulnerabilities within supply chains. Kaspersky’s Global Research & Analysis Team (GReAT) has been at the forefront of investigating such incidents, emphasizing the need for robust cybersecurity measures to prevent similar occurrences in the future.

Earlier in 2024, the Linux XZ Utils project, a set of free data compression command-line tools and a library, was compromised in a sophisticated supply chain attack. The attack involved a highly complex backdoor that tampered with the logic of OpenSSH, allowing unauthorized access. This incident, tracked in the NIST National Vulnerability Database as case CVE-2024-30942, highlighted the potential for exploitation by malicious threat actors. The attacker, operating under the username JiaT75, built trust within the XZ Utils project over time, ultimately gaining control and the privileges to merge commits. The backdoor was cloaked in complex obfuscation, became a dependency of SSH on some operating systems, and allowed unfettered access to infected systems. Although it was detected in time, this incident showed that social engineering, combined with the open nature of open-source software, is another viable avenue for supply chain attacks.

Kaspersky’s involvement in the analysis and mitigation of the Linux XZ Utils attack further underscores their expertise in the cybersecurity landscape. Their detailed forensic analysis and commitment to improving software integrity have been instrumental in addressing these sophisticated threats.

AI is increasingly integrated into society, optimizing infrastructure in smart cities and enhancing healthcare, education, agriculture, and more. However, AI is not infallible and can be subjected to supply chain attacks through malicious input. Potential avenues of attack include manipulating training data to introduce biases and vulnerabilities into the model, or modifying AI models so that they produce incorrect outputs. Such tampering could go undetected for extended periods, allowing malicious activity to remain hidden. For Advanced Persistent Threats playing the long game, a supply chain attack can lie dormant, waiting for the right target: the malware payload is obfuscated and hidden as a legitimate file, and additional tooling is placed within a trusted company's infrastructure to facilitate higher-level access or a full system compromise. In the long term, bugs or flaws introduced into AI models through supply chain attacks could degrade capabilities and quality over time, affecting systems of wide-reaching or critical importance.

Readily available large language model AIs, such as ChatGPT, CoPilot, and Gemini, can be manipulated to create convincing spear phishing attacks, while AI deepfakes can mimic important personnel. This was demonstrated in Hong Kong, where a threat actor mimicked the image of a company’s chief financial officer, resulting in a loss of $25 million. Specialists at Kaspersky’s AI Technology Research Center have been applying artificial intelligence to cybersecurity for nearly two decades, developing Ethical AI to improve everything from AI-enhanced threat detection and alert prioritization to threat intelligence powered by generative AI.

To address the threat of supply chain attacks, organizations need to adopt several strategies. Kaspersky emphasizes the importance of rigorous testing before builds go live, thorough verification of tool integrity, strict control of the build process, model version numbering and validation, continuous monitoring for anomalies, digital signatures for builds, and regular security audits. These measures aim to manage or minimize the impact of supply chain attacks on an organization's infrastructure, so that such incidents do not cause widespread disruption to the global economy.
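As an added illustration of two of the controls listed above (signed builds and anomaly monitoring before a wide rollout), the following Python is not Kaspersky's or CrowdStrike's code; it gates a content update on a signature check and on reboot telemetry from canary hosts, with an HMAC over a constructed key standing in for a real build-signing key and the canary reports constructed inline.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-in for the vendor's build-signing key (assumption:
# a real pipeline would use an asymmetric key held in an HSM).
SIGNING_KEY = b"constructed-build-signing-key"

def sign_build(content: bytes) -> str:
    """Release signature over the SHA-256 digest of the build content."""
    digest = hashlib.sha256(content).digest()
    return hmac.new(SIGNING_KEY, digest, hashlib.sha256).hexdigest()

def verify_build(content: bytes, signature: str) -> bool:
    """Reject any update whose signature does not match its content."""
    return hmac.compare_digest(sign_build(content), signature)

@dataclass
class CanaryReport:
    host: str
    reboots_in_window: int  # reboots seen since the update was applied

def canary_is_healthy(reports, max_reboots=2, max_failed_fraction=0.01):
    """True only if at most max_failed_fraction of canary hosts look like a reboot loop."""
    if not reports:
        return False  # no telemetry is not evidence that the build is safe
    failed = sum(1 for r in reports if r.reboots_in_window > max_reboots)
    return failed / len(reports) <= max_failed_fraction

def rollout_decision(content: bytes, signature: str, reports) -> str:
    """Gate a content update: signature first, then canary health."""
    if not verify_build(content, signature):
        return "reject: signature mismatch"
    if not canary_is_healthy(reports):
        return "halt: canary hosts show reboot-loop behaviour"
    return "promote: ship to general fleet"

if __name__ == "__main__":
    update = b"constructed content update v1"  # constructed sample payload
    sig = sign_build(update)
    good = [CanaryReport(f"host{i}", 0) for i in range(100)]
    looping = [CanaryReport(f"host{i}", 5) for i in range(100)]
    print(rollout_decision(update, sig, good))
    print(rollout_decision(update, sig, looping))
    print(rollout_decision(update + b"tampered", sig, good))
```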

In conclusion, the incidents involving CrowdStrike and Linux XZ Utils highlight the critical vulnerabilities in the global supply chain. Kaspersky’s ongoing research and analysis underscore the need for robust cybersecurity practices to protect against such sophisticated threats. As AI becomes more integrated into society, the importance of securing these technologies from supply chain attacks cannot be overstated.
