Organizations no longer underestimate the importance of cybersecurity and investing in solid solutions. However, the advent of robust security protection has given impetus to an increase in supply chain attacks. These attacks occur when cybercriminals infiltrate an organization’s system through an outside partner or provider with access to their systems and data – 90% of global IT leaders believe their partners and customers are making their organization a more attractive target for cyberattacks like ransomware. While supply chain attacks have been around for over a decade, they’ve gained steam in the last two years (especially ransomware incidents) as threat actors have shifted their focus toward suppliers.
- Why attack the supply chain?
The prime motive of cybercriminals is always to make money. In a supply chain attack, bad actors look to hurt a service provider or supplier and harm the clients who use the services or products of the affected supplier. Because a supplier has many clients, the cascading effects from a single attack may have widespread repercussions. However, even though over half (52%) of global organizations know a partner affected by ransomware, many businesses aren’t doing anything to improve the security of their supply chain or mitigate the ransomware risk from suppliers and service providers.
Bad actors pursue supply chain attacks because they think the security at SMBs may be less stringent than the cyber defence of larger, better-resourced organizations. For example, Target experienced a massive data breach after cybercriminals gained access to the systems of its HVAC service provider and leveraged it to enter Target’s environment. As the previously cited report shows, SMBs serve as critical linchpins in the supply chain, forming 52% of the suppliers and service providers businesses rely on daily. That allows terrible actors to worm into another company through its supply chain.
- Standard techniques used to compromise a supply chain
Every business relies on suppliers and service providers, so every organization could be vulnerable to a supply chain attack even when its defences are good. While no two cyberattacks are the same, these characteristics are typical in supply chain attacks:
- Malware Infection: Cybercriminals use malware in the form of spyware, viruses, worms and Trojan horses to gain access to a supplier’s systems. Once they have access to the systems, they modify the third-party code sources their target customers use to gain entry into their systems. Threat actors primarily use phishing emails to inject malware.
- Social engineering: Social engineering is another technique that starts with a phishing email. In this technique, cybercriminals use evasive social engineering lures to trick users into divulging their credentials, like usernames and passwords. Once they get hold of the credential data, they sneak not the company’s system and launch the attack.
- Software vulnerability: Unpatched software is the easiest target for adversaries to breach an organization’s systems. Attacks due to software vulnerabilities are insidious because they erode consumer confidence in software providers on whom organizations depend for security updates.
- Brute force attacks: In brute force attacks, cybercriminals use trial and error hacking methods to crack passwords, login credentials, and encryption keys. It is a common technique to gain unauthorized access to user credentials and organizations’ systems and networks.
- These three industries are especially vulnerable to supply chain attacks
Although any organization that shares data with third-party vendors or suppliers is at risk of supply chain attacks, some industries are constantly on cybercriminals’ radars. Here are some of the industries that are continually affected by supply chain attacks:
- Healthcare: Healthcare is the worst-hit industry for supply chain cyberattacks. Third-party vendors caused ninety percent of the ten most significant healthcare data breaches reported in 2022y vendors. An instance is the ransomware attack on printing and mailing vendor OneTouchPoint that impacted more than 30 health plans and a total of 4.11 million individuals. Aetna ACE was among the hardest hit by this supply chain attack, affecting 326,278 patients.
- Finance and insurance: Financial and insurance institutions are a prime target for supply chain attacks as they deal with what attackers want most — money and personal information. Although the financial industry adheres to strict data privacy measures and employs robust security tools, they are attacked by cybercriminals through its vendors and suppliers, who sometimes lack good security posture.
- Manufacturing: The supply chain disruption due to the pandemic has also spurred the growth of supply chain attacks on the manufacturing industry. According to IBM’s X-Force Threat Intelligence Index 2022, manufacturing was the most attacked industry in North America, with 28% of all attacks X-Force handled coming from the manufacturing industry. While finance and insurance topped the charts in the past, the manufacturing industry unseated them as the most attacked industry for the first time in five years. Besides, with the growth of smart factories, the risk of supply chain attacks is likely to worsen in the coming years.
Source: ID Agent