Supply chain attacks of 2022 on the rise - Security IT Summit | Forum Events Ltd
  • Everycloud
    Everycloud
  • Supply chain attacks of 2022 on the rise

    • 0

    According to Microsoft, the goal of a supply chain attack is to ‘source codes, build processes, or update mechanisms by infecting legitimate apps to distribute malware.’ Supply chain attacks ‘begin with an advanced persistent threat that determines a member of the supply network with the weakest cyber security in order to affect the target organization.’ (CERT-UK report ‘Cyber-security risks in the supply chain’).

    Advanced persistent threats (APT’S) are ‘a multiphase, and long-term network attack in which unauthorized users gain access to, and harvest, valuable enterprise data.’ (IBM)

    Most often, smaller businesses are the initial targets of these attacks. But these smaller business often provide products and/or services to larger corporations, which then become infected. So, while a small technology company with less than 30 employees may be the initial gateway, anything up to a Fortune 500 business can be impacted.

    Take aviation giant, British Airways, for instance. In August 2018, malicious code on the BA website and app was placed to extract customer credit card details and other personal data of over 400,000 customers. While BA was the target, it is likely that third-party suppliers were the original issue here, as ‘third parties may supply code to run payment authorisation, present ads or allow users to log into external services.’ reported the BBC shortly after the attack. The company was fined £20m by the Information Commissioner’s Office (ICO), and new measures with regards to authentication and third-party protocols were put in place.

    This incident is one of many. ‘In terms of scale and sophistication, the attack against SolarWinds, in which the highest levels of government were compromised, was unlike an attack seen before. The far-reaching impacts are still being identified today. It is the unpredictability of the attack that was/is the greatest cause for concern, and how attacks like this will influence business and infrastructure in the future. That is why it is important to prepare and safeguard systems as much as possible now, before the damage is done.’- Eleanor Barlow, SecurityHQ

    How to Mitigate a Supply Chain Attack

    To reduce the chance of becoming a victim of a supply chain attack, implement the right services to detect and respond rapidly, now.

    For full visibility of threats targeting you, ensure that you have Managed Extended Detection & Response (XDR) in place.

    If you are concerned about the impact of a breach, contact a security expert for advice.

    Or, if you think you have been breached, report an incident here.

    AUTHOR

    Eleanor Barlow

    Eleanor is an experienced named author and ghost writer, who specialises in researching and reporting on the latest in cyber security intelligence, developing trends and security insights. As a skilled Content Manager, she is responsible for SecurityHQ’s content strategy. This includes generating and coordinating content for the latest articles, press releases, whitepapers, case studies, website copy, social accounts, newsletters, threat intelligence and more. Eleanor holds a first-class degree in English Literature, and an MA from the University of Bristol. She has strong experience writing in B2B environments, as well as for wider technology-based research projects.

    All stories by: Eleanor Barlow

    Leave a Reply

    Your email address will not be published.