Supply Chain Threat Detection
Cyber criminals have upped their game, and so should you. We never underestimate or ignore your supply chain’s security threats.
Are you underestimating, or worse, ignoring the risk your supply chain poses to your security systems?
Exploiting the supply chain has become the most effective way to infiltrate networks. Therefore, insight into suppliers and their associated risks is critical to defending against supply chain threats.
Our Supply Chain Threat Detection Service is an early supplier risk detection system so that preventative action can be taken.
With an average of 20 years in the field, our team is ready to help.
ENHALO Supply Chain Threat Detection Service
Our Supply Chain Threat Detection Service keeps you informed of which of your suppliers are being targeted and could be a risk to your organization.
- Early warning system to alert to potential supplier invoice fraud activity.
- Monitoring of Dark Web communications mentioning suppliers within the supply chain.
- Supplier credential leak detection on 3rd party websites which have been breached.
- Defend against the 60% of passwords that are reused, which put your organization at risk.
- Allow organizations to rapidly restrict access to suppliers at risk in the supply chain.
Supply chains are used as attack vectors in two ways:
- Invoice fraud where invoices are intercepted, fraudulent banking details supplied, and payments initiated to fraudsters.
- Privileged access exploitation where a supplier’s access is abused to gain access to the crown jewels.
Invoice fraud is widespread but easily mitigated with good policy and diligence around creditors. However, it is critical to be aware of the threat and remain vigilant.
A much more significant risk exists where a supplier has privileged access to systems. Threat actors abuse this privileged access as an easy door into sensitive areas.
But this is far-fetched and could not affect all organizations, right?
The reality is that 60% of passwords are reused. Armed with this set of passwords, attackers find it easy to compromise the supplier’s mailbox and use these credentials to gain access to sensitive networks.
The awareness of these risks and how to monitor and respond is critical.
Start defending your organization today. Contact ENHALO today.
Prevention is not sufficient. You have to invest in detection so that you know what system has been breached as fast as humanly possible and can contain and remediate.
Supply Chain Threat Detection with ENHALO
Client – A high-tech management software vendor supplying a wide range of IoT/OT solutions.
Challenge – The client used an external software development supplier for particular development work on the solutions they provide. Attackers managed to infiltrate the supplier and extracted credentials they would later use in their attack. By reusing these credentials, the attackers successfully infiltrated the client’s development environment and were able to observe their operations until they were ready to strike. A ransomware attack crippled the client’s ability to function and raised serious concern over how this could spread to their customers.
Solution – After investigating, it was found that dark web and other communications prior to the attack provided clear indicators of the risk posed by the supplier. ENHALO’s Supply Chain Threat Detection identifies at-risk suppliers within the supply chain. This has improved the client’s ability to detect and respond to future risks their suppliers pose to their organization.
Carol Watson of ENHALO, US asks:
Do you need Supply Chain Threat Detection services?
Hi, I’m Carol. We are available to help your business ensure its cyber security. Please get in touch with Enhalo to discuss your requirements.
Frequently asked Supply Chain Threat Detection questions
What type of attacks does it detect?
Reconnaissance attacks – information-gathering attacks that appear in threat actor channels and give an early indicator of an imminent threat exploiting the supplier’s privileged access into the system.
Invoice fraud attacks – appear in attacker communications and lists and are then manipulated by criminals to send fictitious supplier invoices. These emails characteristically have “new banking details,” which direct funds to the criminals’ bank accounts.
How does this affect me if I have a VPN?
While VPNs will protect your IP address and encrypt your internet traffic, that is as much as they can do. VPNs are vulnerable to attacks where the supplier’s usernames and passwords have been exposed and can then be used to gain access to the target’s network.
If your business has many third-party vendors, and each vendor has VPN access to your network, a hacker now has multiple potential routes to break into and exploit your network using this attack path.
Recent Emergency Cyber Responses performed by ENHALO have shown this to be the biggest contributor to successful ransomware attacks, so, unfortunately, VPNs alone are not sufficient protection.
Will it improve my risk profile for cyber insurance?
The cost of cyber liability insurance depends on your cyber risks and the risks posed by your organization’s supply chain services. It is therefore critical to consider the risks posed by suppliers, and many cyber insurance providers have started demanding more robust supplier risk insight.
What happens if a vendor is identified as the origin of the supply chain threat?
Firstly, many vendors are unaware that their organization appears in attacker channels, which leaves them exposed.
By implementing supply chain threat detection, organizations can strengthen their suppliers’ defenses and initiate remediation before threats have a chance to develop into full-blown supply chain attacks.
What is the first step after a supply chain threat is detected?
When it comes to the supply chain, specifically suppliers with systems access, time is of the essence. The immediate need is to disable the associated account, reset the password, and ensure that Multi-Factor Authentication is enabled. The same steps should be applied to remote VPN access. The supplier is then notified of the event and requested to go through the same three steps. If the customer has a Security Operations Centre (SOC), the SOC team is asked to check for suspicious events for the supplier in question and to respond as needed.