Cracks in the chain: A technical analysis of real-life supply chain security incidents

IF 5.4; Zone 2 (Computer Science); JCR Q1, COMPUTER SCIENCE, INFORMATION SYSTEMS
Vyron Kampourakis, Georgios Kavallieratios, Vasileios Gkioulos, Sokratis Katsikas
Computers & Security, volume 159, Article 104673. Publication date: 2025-09-19. Publication type: Journal Article. DOI: 10.1016/j.cose.2025.104673. Source: https://www.sciencedirect.com/science/article/pii/S0167404825003621
Citations: 0

Cracks in the chain: A technical analysis of real-life supply chain security incidents
As Industry 5.0 drives greater digitalization and interconnectivity, supply chains have become vital to global commerce, ensuring the seamless flow of goods, services, and data. However, this reliance has also swelled the attack surface, rendering supply chains a prime target for evildoers. Meanwhile, the inherent complexity of supply chain ecosystems prevents defenders from fully applying contemporary security controls promptly and effectively. Clearly, the combination of these hindering factors has led to some of the most severe cybersecurity incidents of the past years. This study is the first to our knowledge that undertakes a comprehensive technical analysis of reported supply chain security incidents. Our analysis is done both from offensive and defensive prisms, leveraging well-established cybersecurity frameworks and guidelines, namely, the ATT&CK MITRE knowledge base matrix and the NIST SP 800-161, respectively. Furthermore, to consolidate our findings and facilitate future research initiatives, we compiled a fundamental dataset that can be used as the basis for automated analysis and potential integration with cybersecurity workflows. The key observations of a 33-incident analysis through the lens of an ATT&CK MITRE- and NIST SP 800-161-based taxonomies we propose can be wrapped up into two key points. First, the attack surface continues to expand, following an upward spiral due to the mushrooming of tactics and techniques that can facilitate the early or late stages of attacks, highlighting their complexity, sophistication, and widespread impact. Second, our findings underscore the necessity of a multifaceted approach to strengthening supply chain resilience. This includes implementing robust cybersecurity controls, comprehensive risk assessment methodologies, and transparent collaboration among suppliers, customers, and vendors to ensure adherence to state-of-the-art cybersecurity best practices.
Source journal: Computers & Security (Engineering & Technology, Computer Science: Information Systems)
CiteScore: 12.40
Self-citation rate: 7.10%
Articles published: 365
Review time: 10.7 months
About the journal: Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.