Supply chains increasingly are being targeted by attackers, according to Accenture’s Cyber Threatscape Report.
“Threat actors have identified supply chains as being effective means of infiltrating or affecting victim organizations,” the report notes. Accenture details how attackers have used software and hardware weaponization, logistics disruptions, and intrusions to breach the security of supply chains.
The report also notes the involvement of nation-state actors in breaching supply chain systems. Highlighting examples from industrial control systems breaches by Russia and targeted Trojan software from China, Accenture noted that trend will likely continue. “Software supply chain tampering by resourced nation-state or criminal groups will continue to be used as a delivery method for increasingly sophisticated malware families.”
The growth of nation-state attacks raises national security implications as well. Regulation enacted by the U.S. government, such as the ban on Kaspersky products, “demonstrate the supreme concern nations have regarding the use of software, firmware, and hardware that is potentially weaponized or weakened prior to delivery,” the report notes. “An increasingly complex attack and intrusion vector, supply chains should be considered an inherent component of IT and OT threat models.”
Supply chain concerns remain top of mind across government. The report highlights the efforts around the Federal Acquisition Supply Chain Security Act, introduced in the Senate in July. The House Homeland Security Committee also approved the Federal Information Technology Supply Chain Risk Management Improvement Act last month.