What makes it different?
Unlike common cyberattacks, such as spear-phishing, supply chain attacks are widespread and enable hacking at an enormous scale. By leveraging a third-party provider as a stepping stone, attackers have the potential to compromise hundreds of organizations at a time, including those with sophisticated cybersecurity.
Blackbaud breach highlights potential devastation
- The ransomware attack at Blackbaud in May demonstrates the bigger impact of a supply chain attack. It took two months for the incident to come to light.
- Blackbaud is a cloud service provider for many prominent institutions, including 105 charity organizations across the U.K, the U.S., and Canada.
- After hacking into Blackbaud’s self-hosted environment, that lasted for more than two months, attackers had managed to steal sensitive data such as bank account information, social security numbers, usernames, and passwords.
- The attack affected several of its clients that included the names of the Northern Light Foundation in Maine, Children’s Hospital of Pittsburgh Foundation, Saint Luke’s Foundation, Inova Health System, Harvard University, Atrium Health, and the University of Kentucky HealthCare.
Other supply chain attacks
- The shipping industry that forms an integral part of the supply chain management recently came under the grip of cyberattacks. The systems and websites of the International Maritime Organisation and CMA CGM S.A were disrupted by attackers, preventing the smooth operation of businesses.
- Besides this, Philadelphia-based eResearchTechnology, which provides clinical trial oversight software to drug makers and testing firms, was recently hit by a variant of Ryuk ransomware. This limited the operations of clinical trials in testing firms.
Faulty software also problematic
No organization is immune to cyberattacks. In fact, attackers are now starting to seek out ways to scale up their efforts to plant hacking components through malware that goes undetected in development pipelines. Having said that, organizations should have a solid vetting process in place to combat risks arising due to supply chain attacks.