April 24, 2024by Shir David

Illuminating a threat analyst’s blind spot: third-party threat intelligence

Third-party threats and the risk they pose to organizations are a sore spot for threat analysts and security operations teams – one they often can’t see until it’s too late. Lacking intelligence into their company’s supply chain and the threats targeting their partners’ environments, they’re often in the dark about threat actors’ activities that expose them to risk.

For every company offering a digital product or service, there are potentially hundreds or even thousands of vendors that provide support in some way, making supply chains highly susceptible to attack. Having insights into so many third-party environments can be nearly impossible with most threat intelligence offerings currently. And without such third-party intelligence, the consequences can be steep.

Research shows that in 2023, there were 245,000 software supply chain attacks, costing organizations $46 billion¹. That amount will likely rise to $60 billion in 2025². As demonstrated by several attacks in companies’ software supply chains over the past few years, third-party relationships are fast becoming one of the greatest sources of risk to organizations. Some notable supply chain attacks from the past few years include:

  1. The SolarWinds breach: This attack, beginning in September 2019 but only reported in late 2020, involved hackers inserting a backdoor into the Orion software updates, compromising multiple organizations, including the US government and Fortune 500 companies. (source: Cybersixgill IQ)

  2. Kaseya Attack: In 2021, the Kaseya supply chain attack occurred. Cybercriminals exploited a vulnerability in Kaseya's software to distribute ransomware to their customers. This attack affected thousands of organizations worldwide. (source: Cybersixgill IQ)

  3. 3CX breach: In April 2023, 3CX, which produces voice over IP (VoIP) communications software, suffered a compromise in its development environment which impacted a significant fraction of 3CX's 600,000 customers. The attack allowed for the distribution of malicious code, enabling remote access to 3CX clients. As with SolarWinds, the attackers are believed to represent a nation-state. The 3CX attack represents the first known multiple-level software supply chain attack since the original 3CX compromise resulted from another weaponized software distribution. (source: Gartner, Wired)

    So how do security operations teams address this growing, potentially damaging issue?

    Shining the light on third-party risks

    Threat analysts and security teams need intelligence that exposes their supply chain blind spots and helps them continuously monitor and detect risks to their environment from third-party suppliers before an attack is launched. By combining vendor-specific cyber threat intelligence (CTI) with cybersecurity posture data from each supplier’s tech environment, security teams can identify threats from the supply chain and expand their threat exposure management efforts. 

    Such intelligence can help security teams:

    • Preempt threats originating from the supply chain

    • Continuously assess the security posture of third parties to minimize organizational risk, achieve compliance, and inform ongoing supply chain strategies

    • Take action and report threats and remediation recommendations to affected vendors

    • Undertake any merger and acquisition research before contracts are finalized

    Making informed decisions about the supply chain with comprehensive, contextual third-party threat intelligence will help organizations quickly identify and mitigate vendor-related risks. 

    How can security teams access such intelligence? More information is coming soon!

    To learn more about how Cybersixgill can help you expose third-party risks, contact us here.

¹Sonatype (2023) 9th Annual State of the Software Supply Chain
²Cybercrime Magazine (Oct. 2023) Software Supply Chain Attacks to Cost the World $60Billion by 2025

You may also like

A close-up, detailed, and vibrant image of a microscopic cell with numerous tentacle-like extensions, depicted in shades of pink and purple against a blurred blue background.

May 15, 2024

Black Basta's Devastating Attack on a US Hospital System: Lessons Learned and Protective Measures

Read more
Screen showing a malware alert

May 09, 2024

New 'Latrodectus' Malware Linked to Notorious 'IcedID' Developer: A Deep Dive into Targets, Potential Impact, and Remediation Steps

Read more
Two cybersecurity professionals looking at a laptop

May 01, 2024

State of the Underground 2024: Combating RisePro, Lumma, Vidar, and other top stealer malware

Read more