1.6 Threat vectors & attack surfaces
📘 CompTIA Security+ SY0-701
1. What is a Supply Chain in IT Security?
In IT, a supply chain is the network of organizations, services, and products that work together to deliver technology solutions. This includes:
- MSPs (Managed Service Providers) – companies that manage IT services for other businesses, like cloud services, backups, or security monitoring.
- Vendors – companies that sell software, hardware, or services.
- Suppliers – companies that provide components, software libraries, or raw materials for IT systems.
Why it matters:
If any part of this chain is compromised, your organization’s systems can be at risk. Threat actors often target weaker links in the supply chain to gain access to multiple organizations at once.
2. How Supply Chain Threats Happen
Threats in the supply chain usually occur when attackers exploit trusted relationships. Here’s how:
a) MSPs (Managed Service Providers)
- Attackers may target MSPs because they often have access to many client networks.
- If an MSP is compromised, all their clients could be affected.
- Example attacks MSPs face: malware injection, ransomware, or stolen credentials.
Key point for the exam: MSP breaches can affect multiple clients simultaneously because of the trust and access MSPs have.
b) Vendors
- Vendors provide software or tools that companies install in their systems.
- If a vendor’s software is compromised, it can introduce malware into client networks.
- Example: Software updates could be tampered with to include malicious code (this is called a software supply chain attack).
Key point: Even trusted vendor software can be dangerous if it is manipulated by attackers.
c) Suppliers
- Suppliers provide physical or digital components.
- The risk here is often hardware or firmware compromise, where malicious code is pre-installed in devices or components before delivery.
- Example: A network switch or server bought from a compromised supplier could have backdoors built in.
Key point: Supply chain threats are not just software—they can also come from hardware.
3. Common Types of Supply Chain Attacks
- Malicious Code Injection – adding malware into software updates or libraries.
- Credential Theft – stealing login credentials from MSPs, vendors, or suppliers.
- Firmware/Hardware Manipulation – compromising devices before they reach the organization.
- Third-party Exploitation – attackers exploit weaker security controls of partners to reach the main target.
4. Why Supply Chain Threats Are Dangerous
- They bypass perimeter defenses because the organization trusts these third parties.
- They can affect multiple organizations at once.
- They are often hard to detect, since the malware or compromise looks legitimate.
Exam tip: Recognize that trust relationships in IT are a major vulnerability.
5. How to Protect Against Supply Chain Threats
Organizations use several strategies to reduce risk:
- Vendor Risk Management – assess security practices of MSPs, vendors, and suppliers.
- Access Controls – limit the access third parties have to only what’s necessary.
- Monitoring & Auditing – watch for unusual activity coming from third-party systems.
- Software Integrity Checks – verify updates and downloads are authentic (e.g., using digital signatures).
- Incident Response Planning – have a plan if a supply chain attack is discovered.
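To make the "Software Integrity Checks" item concrete, here is an added example (not part of the original notes, and not any vendor's real update tooling) of how a signed update manifest is checked before installation. It assumes a constructed Ed25519 vendor key pair whose public half the client has pinned in advance; the artifact bytes, file name and version are constructed samples. The vendor signs the (name, SHA-256 digest) pair, and the client accepts a download only if the manifest signature verifies under the pinned key and the downloaded bytes hash to the signed digest.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest is what a vendor publishes next to an update: the artifact name,
// its SHA-256 digest, and a signature over those two values made with the
// vendor's release key. The signature is what lets a client trust the digest;
// the digest is what lets the client trust the downloaded bytes.
type Manifest struct {
	Name      string
	SHA256Hex string
	Signature []byte
}

// manifestBytes returns the canonical bytes that are signed and later verified.
func manifestBytes(name, sha256Hex string) []byte {
	return []byte(name + "\n" + sha256Hex + "\n")
}

// SignManifest is the vendor-side step: hash the release artifact and sign
// the (name, digest) pair with the vendor's private key.
func SignManifest(priv ed25519.PrivateKey, name string, artifact []byte) Manifest {
	sum := sha256.Sum256(artifact)
	digest := hex.EncodeToString(sum[:])
	sig := ed25519.Sign(priv, manifestBytes(name, digest))
	return Manifest{Name: name, SHA256Hex: digest, Signature: sig}
}

// VerifyUpdate is the client-side integrity check. It fails closed: an
// invalid signature or a digest mismatch both return an error, and the caller
// must not install the artifact in either case.
func VerifyUpdate(vendorPub ed25519.PublicKey, m Manifest, downloaded []byte) error {
	if !ed25519.Verify(vendorPub, manifestBytes(m.Name, m.SHA256Hex), m.Signature) {
		return errors.New("manifest signature invalid: not signed by the pinned vendor key")
	}
	sum := sha256.Sum256(downloaded)
	if hex.EncodeToString(sum[:]) != m.SHA256Hex {
		return errors.New("artifact digest mismatch: download does not match the signed manifest")
	}
	return nil
}

func main() {
	// Constructed vendor key pair: stands in for a real release key whose
	// public half a client would have pinned ahead of time.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	update := []byte("agent-2.3.1 binary contents (constructed sample)")
	m := SignManifest(priv, "agent-2.3.1.bin", update)
	fmt.Println("genuine update:", VerifyUpdate(pub, m, update))

	// Tampered download: same signed manifest, altered bytes.
	tampered := append([]byte{}, update...)
	tampered[0] ^= 0x01
	fmt.Println("tampered bytes:", VerifyUpdate(pub, m, tampered))

	// Forged manifest: a matching digest for the altered bytes, but signed
	// with a key that is not the pinned vendor key.
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	forged := SignManifest(otherPriv, "agent-2.3.1.bin", tampered)
	fmt.Println("forged manifest:", VerifyUpdate(pub, forged, tampered))
}
```

The order of the two checks matters: the signature is verified first so that a digest is never trusted until its manifest has been tied to the pinned vendor key. A checksum published alongside a download, with no signature over it, protects only against accidental corruption, because anyone able to replace the file can also replace the checksum.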
6. Key Exam Takeaways
- Supply chain threats target MSPs, vendors, and suppliers.
- MSPs – compromise affects multiple client networks.
- Vendors – compromised software or updates can infect clients.
- Suppliers – hardware or firmware may be pre-compromised.
- Defenses – focus on risk management, access control, monitoring, and verification.
- Remember: trusted partners are often the weakest link.
