According to a recently released report from Symantec, the number of recorded cyber attacks on supply chains surged by 78% in 2018.
The Internet Security Threat Report for 2019 showed that hackers were increasingly targeting smaller organisations (the perceived weak link) in a supply chain in order to strike at their true target.
The report shows that developers continue to be exploited as a source of supply chain attacks, as hackers steal credentials or compromise third-party asset libraries that are often included in large software projects.
SMEs were shown to have seen spam email rates increase by 55% as attackers went after businesses with weaker security measures and those that often have a lack of cybersecurity awareness training. Their preferred form of attack was via phishing and the delivery of attachments that rely on the receiver being duped into clicking on a malicious link or opening an attachment.
Several large companies fell victim to supply chain attacks last year, including British Airways, Marriott Hotels and Ticketmaster.
The hacker group Magecart deliberately targeted third-party services in order to infiltrate its targets’ websites. They managed to compromise a third-party chatbot which uploaded malicious code into the browsers of those who’d visited the infected sites. This code would then try to steal the user’s payment information.
Unlike other forms of cyber-attack, a supply chain attack will likely remain undetected by defences used to protect the perimeter, as it often slips through via a trusted third-party app or service.
As well as that, a supply chain attack often targets multiple organisations at once, making the return on investment for the attacker higher.
There are a few ways to reduce the risks posed via the supply chain. These include:
Audits and Due Diligence – An organisation that plans to utilise an outside contractor or service should first carry out a security audit of that potential partner.
Work with consultants – If you need assistance with getting oversight of your organisation's supply chain, you could seek out assistance from professional consultants. However, managing supply chain risk also poses the challenge of scale. This is where the deployment of technology can be transformational. CyberScore is an example of this.
XQ Cyber also offers a range of incident response and consultancy services such as Penetration Testing, Cyber Posture Assessments and Incident Response preparedness and testing.