The attacker's guide to supply chain attacks
Abstract
Take a step into the world of black hat hacking groups and follow them step by step through a supply chain attack.
Software supply chain attacks have become alarmingly prominent over the past few years. Successful exploits have changed the economics adversaries operate under, allowing them to conduct more sophisticated attacks with wide-reaching implications. This presentation will focus on exactly how adversaries target and exploit the software supply chain. The audience will learn not only how attackers were able to infect the supply chain, but will be able to recreate many of the steps taken and, most importantly, learn what defensive measures to take to prevent their own supply chain incidents.
We first examine broadly what supply chains are, using the SLSA framework, and take a short journey into the interesting world of hacker economics, hackanomics if you like. Here we will explain the relationship between financial risk and reward that drives malicious actors' activities, further exploring why attacking the supply chain flipped previous economic models on their head.
Next, we will focus our attention on the following methods of attacking the supply chain:
Attacking the CI/CD pipeline
Breaching the version control systems (VCS)
Poisoning open-source dependencies
Abusing AI LLMs
For each of these methods we will walk through the anatomy of high-profile successful attacks, showing the audience how initial access was gained, how privileges were escalated, and ultimately how the attackers achieved their goals.
In the final stretch, we'll synthesize our findings into effective defense strategies, emphasizing the concept of inside-out security, breach detection, and containment.