There is a common misconception when it comes to assessing the risk of cyber-attacks: many organisations believe they are too small or insignificant to be of any interest to a potential cybercriminal.
There is an old African proverb that says if you think you are too small to make a difference then you haven’t spent a night in a room with a mosquito.
The mistaken belief that you are ‘too small’ is particularly potent in the world of cybercrime, and hackers have found a lucrative way to exploit this apathy: the supply chain attack.
What is a Supply Chain Attack?
Simply put, a supply chain attack is a process whereby cybercriminals target an organisation through the more vulnerable, less secure elements of its supply network; it often starts with the manufacturing process.
Cybercriminals can tamper with a product at source by installing a hardware spying component or a rootkit that delivers damaging malware once the product has been deployed.
Some recent examples of highly successful and invasive supply chain attacks include:
The major US retailer Target was struck in 2013 when malware was installed on the company’s POS system and allowed attackers to access the credit and debit card details of over 40 million customers. It is believed that the initial breach of security was via Target’s HVAC supplier.
The small UK business Piriform, known for its CCleaner utility, was targeted in 2017 when attackers gained access to the server where its programs were built. The malware was inserted into a popular program with a user base of around 100 million.
The infected version of the program was downloaded 2.27 million times, with around 1.65 million successful communications by the malware to the criminals’ servers. A well-organised and highly complex attack, it saw the criminals looking very specifically for high-profile accounts; they targeted only 40 individuals from this list. Once additional malware was installed on the computers of these 40 people, only four targets were selected for the final stage of the attack.
A tailored version of ShadowPad, a backdoor Trojan, was installed on the victims’ computers, designed to access highly confidential information from these high-profile individuals.
GreenDispenser – A piece of malware installed during the manufacturing or maintenance process of ATMs being made or installed in Europe (particularly in Ukraine and Russia) that allowed attackers to drain the cash vault of the machines.
Tyupkin – Active during 2014, this Windows-based malware was found installed on machines in Eastern Europe but spread to China, the U.S. and India. Attackers could access machines to withdraw 40 bank notes.
How to Avoid Being Part of a Supply Chain Attack
The take home of these examples is stark and underlines the vulnerabilities of any organisation which uses a supply chain.
Our analogy of the mosquito rings true here: these small insects are capable of carrying malaria, a lethal infection. The fact is, it doesn’t matter how small and insignificant you believe your own organisation to be, the consequences of a breach to your delivery chain could be devastating. This is particularly potent in organisations with a mass potential for onward delivery via downloads, but it is applicable to all.
The number of studies on how unprepared many organisations are is staggering and the overwhelming consensus is that more than two thirds of companies are not ready for a cyberattack of any kind.
Organisations must take proactive action to examine and analyse threats to their own supply chain and the potential impact on their delivery chain. Only by having a robust strategy of detection and response can you minimise the risk, eliminate the vulnerabilities and forecast potential threats.
Threat hunting is one way to respond to risk by actively seeking implanted malware using a targeted attack discovery service. Solutions like Kaspersky’s Threat Hunting can help your organisation understand and identify the potential sources of incidents and provide effective action to avoid future attacks. Combined with fully managed protection, you can avoid being the carrier of a devastating malware attack.
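As an added illustration of what “actively seeking implanted malware” can look like in practice (this is example code written for this page, not Kaspersky’s product or any code from the incidents described above), the script below runs a simple beaconing hunt over proxy log lines. Implants such as the one in the CCleaner case phone home at regular intervals, so the hunt groups connections by source and destination, ignores destinations on an allow-list, and flags pairs whose contact intervals are suspiciously regular. The log lines, host names, the allow-list and the thresholds (`min_contacts`, `max_cv`) are all constructed assumptions for the example.

```python
"""Toy threat hunt: flag hosts that contact non-allow-listed destinations at
regular intervals (a common sign of malware beaconing to a command server).
Added example with constructed data; not a vendor tool."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log lines: "<ISO timestamp> <source host> <destination>".
# ws-17 contacts 203.0.113.10 every 60 seconds (a beacon pattern);
# ws-22 contacts 198.51.100.7 at irregular, human-looking intervals.
SAMPLE_LOG = """\
2024-01-10T09:00:00 ws-17 updates.example-vendor.test
2024-01-10T09:00:05 ws-17 203.0.113.10
2024-01-10T09:00:00 ws-22 intranet.corp.test
2024-01-10T09:00:03 ws-22 198.51.100.7
2024-01-10T09:01:05 ws-17 203.0.113.10
2024-01-10T09:02:05 ws-17 203.0.113.10
2024-01-10T09:03:05 ws-17 203.0.113.10
2024-01-10T09:04:05 ws-17 203.0.113.10
2024-01-10T09:07:40 ws-22 198.51.100.7
2024-01-10T09:09:12 ws-22 intranet.corp.test
2024-01-10T09:12:10 ws-22 198.51.100.7
2024-01-10T09:00:00 ws-22 198.51.100.7
"""

# Assumed allow-list of destinations the organisation expects to see.
ALLOWED_DESTINATIONS = {"updates.example-vendor.test", "intranet.corp.test"}


def parse_log(text):
    """Parse 'timestamp src dst' lines into (datetime, src, dst) tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, dst = line.split()
        events.append((datetime.fromisoformat(ts), src, dst))
    return events


def find_beacons(events, min_contacts=4, max_cv=0.2):
    """Return {(src, dst): mean_interval_seconds} for source/destination pairs
    whose destination is not allow-listed, which were contacted at least
    min_contacts times, and whose gaps between contacts are regular
    (coefficient of variation, stdev/mean, at most max_cv)."""
    contacts = defaultdict(list)
    for ts, src, dst in events:
        if dst not in ALLOWED_DESTINATIONS:
            contacts[(src, dst)].append(ts)

    beacons = {}
    for pair, times in contacts.items():
        if len(times) < min_contacts:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:  # all contacts in the same second: not a timed beacon
            continue
        if pstdev(gaps) / avg <= max_cv:
            beacons[pair] = avg
    return beacons


if __name__ == "__main__":
    for (src, dst), interval in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"possible beacon: {src} -> {dst} every {interval:.0f}s")
```

On the constructed log this reports only `ws-17 -> 203.0.113.10 every 60s`; the irregular contacts from `ws-22` are not flagged, and the allow-listed update and intranet hosts are never considered. Against real logs a hunter would tune `min_contacts` and `max_cv`, add jitter tolerance, and treat a hit as a lead to investigate (which process on the host opened the connections, and whether the destination is a known vendor) rather than as proof of compromise.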