Negombo, Sri Lanka – As artificial intelligence (AI) becomes increasingly integrated into digital infrastructure, new forms of supply chain attacks are anticipated. During Kaspersky’s APAC Cyber Security Weekend, Vitaly Kamluk, head of the Asia Pacific Research & Analysis Team at the cybersecurity firm, highlighted that while AI brings new risks, it can also be harnessed to strengthen cybersecurity measures and mitigate threats.
The concept of a supply chain has transformed significantly from its initial roots. No longer limited to physical resources and logistics, the modern supply chain has expanded into a sophisticated network of digital services, information flows, and software dependencies. This shift has introduced new complexities and, with them, a host of cybersecurity risks that could have far-reaching consequences.
Traditionally, supply chains were understood as a linear sequence of steps involving the production and distribution of goods. However, in the digital era, this concept has evolved into something far more intricate. The modern digital supply chain resembles less of a chain and more of a web or mesh, characterized by interdependencies that are difficult to map and manage.
“It’s not much of a chain anymore,” Kamluk said. “It’s a mesh of relationships, and it is extremely sophisticated.”
With this sophistication comes increased vulnerability. The interconnected nature of digital supply chains means that a single point of failure can have cascading effects across multiple systems and organizations. Kamluk highlighted this risk by referencing a recent incident (involving Microsoft and CrowdStrike — Ed.), which resulted in a massive global outage.
“The incident lasted for only 80 minutes but caused billions of dollars in damage,” he noted. This incident underscores the potential for even brief disruptions to have significant financial and operational impacts.
Linux XZ utility backdoor
One of the most alarming examples of supply chain risk in recent history is the discovery of a backdoor in the Linux XZ utility, which was found to be compromised in what experts believe was a supply chain attack. The incident, assigned CVE-2024-30942 with a maximum severity score of 10 (with 10 being the highest), involved a backdoor that could monitor every connection to the infected machine via SSH service and authenticate attackers with a hidden key.
This backdoor was not only complex but also highly sophisticated in its ability to evade detection.
The discovery of this backdoor was, in many ways, a stroke of luck, as it was detected by engineers who noticed a slight slowdown in the SSH service — a slowdown so minimal that it could have easily gone unnoticed.
The implications of this discovery are profound. Had the backdoor not been detected, it could have been used to compromise millions of systems worldwide, from data centers to Internet of Things (IoT) devices.
“We just managed to dodge a bullet,” Kamluk said, noting that the incident serves as a stark reminder of the fragility of digital supply chains.
AI and autonomous threat hunting
The integration of AI into cybersecurity solutions is believed to play a critical role in managing and mitigating these risks. AI has the potential to revolutionize how to detect and respond to cyber threats, particularly in complex digital supply chains. Among the emerging applications of AI in cybersecurity are autonomous threat hunting, adaptive AI defense systems, and AI-driven Zero-Trust architectures.
Autonomous threat hunting, for example, leverages AI to automatically identify and neutralize advanced persistent threats (APTs) without the need for human intervention. This capability is particularly valuable in the face of sophisticated attacks like the Linux XZ utility backdoor, where traditional detection methods may fall short.
Kamluk, who has been involved in reviewing hundreds of cybersecurity research submissions for the Black Hat conference this year, observed that AI-related research is becoming increasingly prevalent.
“This year, the conference was flooded with submissions on AI-related security research,” he said, highlighting the growing interest in and reliance on AI technologies in the field of cybersecurity.
Supply chain attacks
One potential threat to the supply chain involves the manipulation of AI training data. By introducing corrupted or biased data into the training process, attackers could degrade the performance of AI models or introduce vulnerabilities that go undetected until it’s too late.
“Manipulating training data is a real threat,” Kamluk said. “It can degrade the performance of the model or introduce biases that are difficult to detect, allowing malicious activities to go unnoticed for extended periods.”
In addition to data manipulation, there is also the risk of unauthorized model replacement or modification. Attackers could replace a legitimate AI model with an altered version that behaves maliciously under certain conditions. To mitigate these risks, organizations will need to implement stringent model version control, continuous monitoring, and the use of digital signatures to ensure the integrity of AI models.
Social engineering
Despite the technical sophistication of many supply chain attacks, human factors remain a critical vulnerability. Social engineering tactics, such as creating fake personas or exerting psychological pressure on developers, are often used to infiltrate trusted projects. In the case of the Linux XZ utility backdoor, the attackers reportedly spent years building trust within the developer community before introducing the malicious code.
Kamluk highlighted the importance of vigilance in this area, noting that “the way to tackle cyber attacks involves not just technical measures but also controlling access and monitoring behavior within the community.” He added that anomaly detection systems should be in place to identify unusual behavior that could indicate an insider threat.
As the complexity and interconnectedness of digital supply chains continue to grow, so too does the need for reliable cybersecurity measures. The incidents discussed by Kamluk underscore the importance of a proactive approach to managing supply chain risks, one that combines traditional cybersecurity practices with the latest advancements in AI.
While the challenges are significant, Kamluk remains optimistic about the future.
“If we put our trust in the right vendors and establish the correct processes, the future shall be bright,” he said.
You must be logged in to post a comment.