)
One of the most prominent and dangerous methods cybercriminals have employed recently is using supply chains to launch attacks. Targeting the systems, processes, or software of third-party vendors or suppliers, threat actors can infiltrate multiple parties at once and cause serious harm.
Looking at cybercriminal activities on deep web forums over the past few years, our team of researchers has discovered significant growth in the market for supply chain-based attacks. Sellers in the cybercrime underground advertise access to the networks of service providers (such as IT services, cloud services, and HR solutions). This access allows threat actors to readily exploit an untold number of organizations.
In 2021, only 39 such posts appeared, but that number jumped to 151 in 2022 and 257 in 2023, according to Cybersixgill’s supply chain risk intelligence research. In the first quarter of 2024, postings on deep web forums showed that number had already reached 81 – on track to total more than 320 for the year if the trend continues.
As we highlighted in our last blog, Illuminating a threat analyst’s blind spot: third-party threat intelligence, such posts lead to extensive and costly supply chain attacks. One recent report said that in 2023, 245,000 such incidents¹ occurred. Another report estimated total damage in 2023 at $45 billion and expected that by 2025 the total would rise to $60 billion². A third report found 61% of U.S. businesses were directly impacted by a software supply chain attack in the 12 months preceding April 2023³.
Cybersixgill can help companies gather critical third-party threat intelligence and take appropriate measures to protect themselves, as we’ll explain. But first, let’s examine some of the more prominent cases.
Prominent examples of supply chain attacks
NotPetya
Although supply chain-based attacks have grown tremendously in the past year or two, one of the more notable ones happened in 2017. A Petya ransomware variant called NotPetya was used to target a Ukrainian accounting software package -- using a vulnerability previously exploited in the WannaCry supply chain attack as well as a credential-stealing technique for non-vulnerable machines -- before deploying ransomware.
The malware quickly spread beyond Ukrainian targets, affecting numerous multinational corporations, resulting in extensive financial losses, operational disruptions, and data destruction.
SolarWinds
In 2020, a Russian hacking group infiltrated SolarWinds' Orion platform, injecting malicious code into Orion software updates. That allowed the hackers to gain access to some 18,000 SolarWinds customers, compromising government agencies, technology firms, and other high-profile entities, resulting in unauthorized access and exfiltration of sensitive data.
MOVEit
File transfer solutions are frequent targets of cybercriminals, due to their role in facilitating the exchange of sensitive data across the supply chain. In June 2023, three critical SQL injection vulnerabilities were discovered in Progress Software’s MOVEit Transfer platform, a tool designed to securely transfer sensitive files used by close to 1,700 organizations. Zellis, a UK-based payroll and HR solutions provider, was affected by the MOVEit vulnerability and targeted by the Cl0p ransomware gang.
This attack resulted in unauthorized access to sensitive personal information of both Zellis and its clients. The MOVEit supply chain attack also affected dozens of other organizations, including British Airways, the BBC, and the Minnesota Department of Education, and posed a significant risk to millions of individuals globally.
Cybersixgill’s Third-Party Intelligence helps guard against supply chain risks
With the rising danger of threats made possible through compromised supply-chain vendors, we recently launched our new Third-Party Intelligence module that detects security gaps and compromises in a supplier’s environment, and alerts our customers of the risks posed to their networks. We do so by continually monitoring activities on the deep and dark web and non-intrusively scanning the suppliers’ environment. As a result, our customers can:
Preempt threats originating from their supply chains.
Continuously assess the security posture of third parties to minimize organizational risk, achieve compliance, and adjust supply chain strategies as needed.
Take action and report threats to affected vendors in detail, including recommended remediation activities.
Undertake any merger and acquisition research or company health checks before contracts are finalized.
Of course, organizations need to take several precautions to reduce and mitigate the risk of supply chain cyber attacks. They’ll have to implement robust security measures, including vendor risk assessments and incident response plans. Stakeholders must collaborate, share information, and stay updated on emerging attack vectors. But it is critical to have the latest threat intelligence and pertinent to their attack surfaces and suppliers. Continuously monitoring vendor assets and pre-empting venues of attack are critical to minimize risks.
Watch a video of Cybersixgill’s new Third-Party Intelligence to see how it can help your organization manage the threat of supply chain attacks. To learn more about Cybersixgill’s products, please book a demo with our experts.
¹Sonatype (2023) 9th Annual State of the Software Supply Chain
²Cybersecurity Ventures, cited in Cybercrime Magazine, October 2023, “Software Supply Chain ³Attacks to Cost the World $60 Billion by 2025”
Capterra (2023) Supply Chain Survey
)
)
)
)