Cyber criminals have upped their game, so should you. We never underestimate or ignore your supply chain’s security threats.
Exploiting the supply chain has become the most effective way to infiltrate networks. Therefore, insight into suppliers and their associated risks is critical to defending against supply chain threats.
“Knowing whether your supply chain is under attack is critical in the age of cybercrime. Only by taking this risk seriously with rapid response plans can this growing attack vector be mitigated.”
Invoice fraud is widespread but easily mitigated with good policy and diligence around creditors. However, it is critical to be aware of the threat and remain vigilant.
A much more significant risk exists where a supplier has privileged access to systems. Threat actors abuse this privileged access as an easy door into sensitive areas.
Client – A high-tech management software vendor supplying a wide range of IoT/OT solutions.
Challenge – The client utilized the expertise of an external software development supplier for particular development work to the solutions they provide. Attackers managed to infiltrate the supplier and extracted credentials they would later use in their attack. By reusing these credentials, the attackers successfully infiltrated the client’s development environment and were able to observe their operations until they were ready to strike. A ransomware attack crippled the client’s ability to function and cast a massive cloud over how this could spread to their customers.
Solution – After investigating, it was found that dark web and other communications prior to the attack provided clear indicators of the risk posed by the supplier. ENHALO’s Supply Chain Threat Detection identifies at-risk suppliers within the supply chain. This has improved the client’s ability to detect and respond to future risks their suppliers pose to their organization.
“The reality is that 60% of passwords are reused, allowing threat actors to commit invoice fraud and access privileged systems. The awareness, monitoring, and response are critical.”
While they will protect your IP and encrypt your internet traffic, that is as much as VPNs can do. VPNs are vulnerable to attacks where the supplier’s username/passwords have been exposed and can then be used to gain access to the target’s network.
If your business has many third-party vendors, and each vendor has VPN access to your network, a hacker now has multiple potential routes to break into and exploit your network using this attack path.
Recent Emergency Cyber Responses performed by ENHALO have shown this to be the biggest contributor to successful ransomware attacks, so, unfortunately, VPNs alone are not sufficient protection.
The cost of cyber liability insurance depends on your cyber risks and the risks posed by your organization’s supply chain services. It is therefore critical to consider the risks posed by suppliers, and many cyber insurance providers have started demanding more robust supplier risk insight.
Firstly, many vendors are unaware of their organization appearing in attacker channels which leaves them exposed.
By implementing supply chain threat detection, organizations can strengthen their suppliers’ defenses and initiate remediation before they have a chance to develop into full-blown supply chain attacks.
When it comes to the supply chain, specifically suppliers with systems access, time is of the essence. The immediate need is to disable the associated account, reset the password, and ensure that Multi-Factor Authentication is enabled. Remote VPN access should have the same applied. The supplier is then notified of the event and requested to go through the same three steps. If the customer has a Security Operations Centre (SOC), the SOC team is asked to check for suspicious events for the supplier in question and to respond as needed.