From the NotPetya attacks last year to the recent hijack of the MEGA browser plugin, it’s obvious that supply chain compromise isn’t just a theoretical risk anymore. But how do you threat hunt in an environment that isn’t your own? This is a difficult task, but we really focus on looking for the few indicators that are legally visible from outside the network.
A few visible things you can (and should) look for when threat hunting in your supply chain:
You can download slides here. If there’s enough interest, we might do a webcast in the coming weeks.
While you’re thinking about supply chain security, check out our Supply Chain Risk Framework (SCREATH) here. It’s a 65-question worksheet that can help you quantify risks between vendors, allowing you to perform apples-to-apples comparisons.
If you think your network might be compromised and need help with Threat Hunting, Adversary Emulation, Incident Response, or other security needs, please contact Rendition Infosec.