Hackers Backstabbing Organizations with Supply Chain Attacks | Cyware Alerts


Supply chain attacks, which are sometimes referred to as third-party attacks, can open target-rich surfaces for adversaries. According to a recent report from Accenture, these attacks are seen as one of the key trends in the future, risking the operations of the financial sector, Technology Service Providers (TSPs), Managed Service Providers (MSPs), and Cloud Service Providers (CSPs).

What makes it different?

Unlike common cyberattacks, such as spear-phishing, supply chain attacks are widespread and enable hacking at an enormous scale. By leveraging a third-party provider as a stepping stone, attackers have the potential to compromise hundreds of organizations at a time, including those with sophisticated cybersecurity.

Blackbaud breach highlights potential devastation

  • The ransomware attack at Blackbaud in May demonstrates the wider impact of a supply chain attack. It took two months for the incident to come to light.
  • Blackbaud is a cloud service provider for many prominent institutions, including 105 charity organizations across the U.K., the U.S., and Canada.
  • After hacking into Blackbaud’s self-hosted environment, in an intrusion that lasted for more than two months, attackers managed to steal sensitive data such as bank account information, social security numbers, usernames, and passwords.
  • The attack affected several of its clients, including the Northern Light Foundation in Maine, Children’s Hospital of Pittsburgh Foundation, Saint Luke’s Foundation, Inova Health System, Harvard University, Atrium Health, and the University of Kentucky HealthCare.

Other supply chain attacks

  • The shipping industry, which forms an integral part of supply chain management, recently came under cyberattack. The systems and websites of the International Maritime Organisation and CMA CGM S.A. were disrupted by attackers, preventing the smooth operation of businesses.
  • Besides this, Philadelphia-based eResearchTechnology, which provides clinical trial oversight software to drug makers and testing firms, was recently hit by a variant of Ryuk ransomware. This limited the operations of clinical trials in testing firms.

Faulty software also problematic

Vulnerabilities in software manufactured by third-party vendors are a major reason for supply chain attacks. During one such investigation, security experts found critical vulnerabilities in Wibu-Systems’ CodeMeter software license management systems, which could expose several ICS products to remote code execution attacks.

Bottom line

No organization is immune to cyberattacks. In fact, attackers are now starting to seek out ways to scale up their efforts to plant hacking components through malware that goes undetected in development pipelines. Having said that, organizations should have a solid vetting process in place to combat risks arising from supply chain attacks.


