Supply chain attacks and the many (other) different ways I've backdoored your dependencies

submitted by
Style Pass
2024-05-04 04:00:05

I recently read a blog post with a similar title to this one, which outlined different supply chain attacks on CI/CD pipelines and largely focused on software immediately related to the deployment and development of products. Although the post covered a few well-known attacks, I thought I could expand on them with a greater focus on supply chains that (especially) smaller organizations may not notice. Variations and combinations of each of these may also be a concern.

One day, your hosting provider receives a phone call appearing to come from your number. “Hello, my name is Archibald Tuttle. I have a few servers with you and have locked myself out of my account. How can I gain access back again?”

After a quick chat in which Archibald exchanges some not-so-private information like date of birth, email address, and postal address, he is provided with a method to regain access to your hosting account. The friendly support person even removes the two-factor authentication for you!

Quickly, “you” use the remote administration tool provided by the hosting provider to gain root access to all of the servers and siphon off every asset you’d ever want, either disappearing into thin air afterwards or performing some sort of defacement or other damage.
