Cracks in the chain: A technical analysis of real-life supply chain security incidents

Authors: Vyron Kampourakis, Georgios Kavallieratios, Vasileios Gkioulos, Sokratis Katsikas
Journal: Computers & Security, volume 159, Article 104673 (journal article; JCR Q1, Computer Science, Information Systems)
DOI: 10.1016/j.cose.2025.104673
Publication date: 2025-09-19
URL: https://www.sciencedirect.com/science/article/pii/S0167404825003621
Open access: no
Citations: 0

Abstract
As Industry 5.0 drives greater digitalization and interconnectivity, supply chains have become vital to global commerce, ensuring the seamless flow of goods, services, and data. However, this reliance has also swelled the attack surface, rendering supply chains a prime target for evildoers. Meanwhile, the inherent complexity of supply chain ecosystems prevents defenders from fully applying contemporary security controls promptly and effectively. Clearly, the combination of these hindering factors has led to some of the most severe cybersecurity incidents of the past years. This study is the first to our knowledge that undertakes a comprehensive technical analysis of reported supply chain security incidents. Our analysis is done both from offensive and defensive prisms, leveraging well-established cybersecurity frameworks and guidelines, namely, the ATT&CK MITRE knowledge base matrix and the NIST SP 800-161, respectively. Furthermore, to consolidate our findings and facilitate future research initiatives, we compiled a fundamental dataset that can be used as the basis for automated analysis and potential integration with cybersecurity workflows. The key observations of a 33-incident analysis through the lens of the ATT&CK MITRE- and NIST SP 800-161-based taxonomies we propose can be wrapped up into two key points. First, the attack surface continues to expand, following an upward spiral due to the mushrooming of tactics and techniques that can facilitate the early or late stages of attacks, highlighting their complexity, sophistication, and widespread impact. Second, our findings underscore the necessity of a multifaceted approach to strengthening supply chain resilience. This includes implementing robust cybersecurity controls, comprehensive risk assessment methodologies, and transparent collaboration among suppliers, customers, and vendors to ensure adherence to state-of-the-art cybersecurity best practices.
Journal description:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading-edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors: industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise, it is your first step to fully secure systems.