Written by David Parkinson – Strategic Development Manager, UK & Ireland, at Wick Hill.
We talk about the cyber risk within supply chains frequently. It’s important because businesses and support organisations connect with each other, just as our IT networks connect with each other to support them.
The problem is that if your business partners have a cyber-vulnerability, you have an additional risk to consider and guard against in your own business. That risk increases with every vulnerability at every point in your supply chain.
To take just one case in point, most organisations have used a recruitment company at some point to fill either a key role or maybe regular short-term positions. We may tend to have a fairly relaxed attitude to communications with our recruitment partners, as we generally receive what we expect to receive – CVs, contracts, invoices etc.
However, in a recent Forbes article, the careers and recruitment industry was highlighted as susceptible to a particular cyber threat. This is an industry that has taken advantage of many of the good things the Internet can offer in terms of reach, scale and efficiency. However, it is now finding itself at the sharp end of malware encapsulated in documents – a medium on which it has thrived for so long.
We have known for a long time that malware authors and disseminators look to embed their code within popular document types. This is simply because electronic documents are widely distributed, accepted and unfortunately … trusted. Producing a word-processed document was probably one of the first things many of us accomplished on a computer!
As the Forbes article points out amongst all the good advice being given, there have been instances of career-focused sites being used as a vehicle to distribute malware-laden documents to recruiting organisations. Also, as HR staff perhaps don’t have cyber-attack at the front of their minds when recruiting for an urgent post, they may not be immediately wary of opening solicited, let alone unsolicited, CVs from an in-house careers portal on their own web or intranet site.
While the importance of training and behaviour change programs should not be underestimated, fortunately there are technologies that can be employed to mitigate some of these specific threat vectors. Check Point’s Threat Extraction technology works with their Threat Emulation technology, which tests for unknown malware in advanced emulation environments. Threat Extraction removes suspected malware elements from documents received by web download or email and then delivers a clean document onwards to the recipient.
It will be interesting to see whether technologies such as this will also find a home in other verticals that rely heavily on document sharing; there are many in our supply chains, such as legal and accounting.
The recent Rombertik malware discovery provided another stark reminder of the danger of malware delivered apparently as a document. Rombertik is notable for its anti-detection capabilities, and the actions it will take if it discovers that it is being actively looked for in memory: it destroys the Master Boot Record of the PC or, failing that, encrypts files using a random key. And the method employed to distribute Rombertik? It’s an executable screensaver file, disguised as a PDF or other document by the thumbnail presented to the recipient.
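A disguise of this kind can be caught at a mail or upload gateway by comparing what an attachment claims to be with what its leading bytes say it is. The following is an added example, not code from Check Point or from the original article; the function names, extension lists and sample attachments are assumptions constructed for illustration.

```python
import os

# Leading-byte signatures for the file types discussed in the article.
MAGIC = [
    (b"MZ", "pe-executable"),            # Windows PE: .exe and .scr share this
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip-container"),    # .docx is a ZIP container
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole-compound"),  # legacy .doc
]
# Assumed policy lists; tune them to your own environment.
EXEC_EXTS = {".scr", ".exe", ".com", ".pif"}
DOC_EXTS = {".pdf": "pdf", ".docx": "zip-container", ".doc": "ole-compound"}


def sniff(data: bytes) -> str:
    """Classify content by its first bytes, ignoring the file name."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def triage_attachment(filename: str, data: bytes) -> list[str]:
    """Return reasons to quarantine an attachment; an empty list means none."""
    findings = []
    name = filename.strip().rstrip(". ").lower()
    stem, ext = os.path.splitext(name)
    inner_ext = os.path.splitext(stem)[1]   # e.g. ".pdf" in "cv.pdf.scr"
    kind = sniff(data)
    if ext in EXEC_EXTS:
        findings.append("executable-extension")
    if ext in EXEC_EXTS and inner_ext in DOC_EXTS:
        findings.append("double-extension")
    if kind == "pe-executable":
        findings.append("pe-content")
    if ext in DOC_EXTS and kind != DOC_EXTS[ext]:
        findings.append("type-mismatch")
    return findings


# Constructed sample attachments: only the leading bytes matter here.
SAMPLES = [
    ("CV_JSmith.pdf.scr", b"MZ\x90\x00\x03\x00"),
    ("invoice.pdf", b"MZ\x90\x00\x03\x00"),
    ("cv.pdf", b"%PDF-1.4\n"),
    ("contract.docx", b"PK\x03\x04\x14\x00"),
]

if __name__ == "__main__":
    for fname, blob in SAMPLES:
        print(f"{fname:20} {triage_attachment(fname, blob) or 'no findings'}")
```

A check like this only addresses the disguise; it says nothing about malicious content inside a genuine document, which is the problem the extraction and emulation technologies above are aimed at.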
Rombertik’s anti-detection code is extremely advanced, and we can only imagine that there will be similar examples to come. The emerging field of CPU-level detection looks to identify malicious activity as it is executed on the processor and is designed to counter these evasion techniques. Check Point’s acquisition of Hyperwise will bring this CPU-level analysis and detection into the Threat Emulation technology and aims to deliver advanced protection against this kind of threat.
The big picture here is that while just this one sector of business partners has been highlighted, we need to be ever vigilant over the risks within our supply chains.
Wick Hill is a true Value Added Distributor of Check Point, working with reseller partners looking to actively grow their security practices.