The Supply Chain Planets Align for a Cyber Security Storm

Greg Edwards

Transparency Essential

One technique in the cyber security threat landscape that has proved successful for cybercriminals, and that results in good pay-outs for them, is using the supply chain as a way into the various companies within the chain. The supply chain can be a complex one, involving multiple parties, and each needs to be in contact with the others. This essential transparency of contact may well be the Achilles heel of the chain if it is not properly monitored and protected.

From a cyber threat landscape perspective, the interesting thing about the supply chain and cyber-attacks is that we are seeing an ‘alignment of planets’ that is creating the perfect storm for a cybercriminal; the supply chain is itself a cybersecurity attack vector. Supply chain management requires an ecosystem of players with two-way communications between the parties, some of whom may even have access rights to other members’ resources, including servers and databases; data flow is increasingly expected to be transparent and auditable. Combined with this seamless interaction between supply chain members is the cybercriminal’s toolbox, which is increasingly focused on human behavior, in particular spear phishing and watering holes. The combination of all of these factors makes the supply chain the perfect vehicle for cyber-attacks. The situation is coming to a head: a recent paper by the SANS Institute points out that estimates show around 80% of breaches may well originate within the supply chain.

Some Common Supply Chain Security Issues

You’ve Been Phished

When Target ended up with 110 million of their customer accounts being breached, it quickly came to light that in fact, the initial target had been a supplier in their chain and not Target themselves. After some research, it turned out that an HVAC supplier to Target had been given privileged access to some of Target’s servers that had been hacked. The breach of this supply chain member resulted in the theft of the access credentials used to access Target systems. Once the credentials were stolen, the cybercriminals were able to steal data over a long period undetected – after all, they had full access rights to Target’s data.
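One way to monitor the kind of third-party access described above, as an added example that is not part of the original article: the Python sketch below compares a vendor account’s activity against the resources it has been approved to reach and summarises anything outside that scope. The account names, resource names, policy table and log format are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Assumed policy: resources each third-party account is approved to reach.
# All account and resource names here are constructed for illustration.
VENDOR_SCOPE = {
    "svc-hvac-vendor": {"billing-portal", "project-mgmt"},
    "svc-logistics": {"shipping-api"},
}

# Constructed sample access log: timestamp, account, resource, bytes sent.
SAMPLE_LOG = """\
2015-11-02T09:14:03 svc-hvac-vendor billing-portal 18200
2015-11-02T09:20:41 svc-logistics shipping-api 5400
2015-11-03T02:47:19 svc-hvac-vendor customer-db-01 48000000
2015-11-03T02:58:02 svc-hvac-vendor customer-db-01 51000000
2015-11-03T10:05:55 jsmith hr-portal 9100
2015-11-04T03:12:30 svc-hvac-vendor file-share-02 730000
"""

def parse(log_text):
    """Yield (timestamp, account, resource, bytes) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guess at their meaning
        ts, account, resource, size = parts
        try:
            yield datetime.fromisoformat(ts), account, resource, int(size)
        except ValueError:
            continue  # unparseable timestamp or byte count

def out_of_scope_access(log_text, scope=VENDOR_SCOPE):
    """Summarise vendor access to resources outside each vendor's approved scope."""
    findings = defaultdict(lambda: {"events": 0, "bytes": 0, "first": None, "last": None})
    for ts, account, resource, size in parse(log_text):
        if account not in scope or resource in scope[account]:
            continue  # not a vendor account, or access is within its scope
        f = findings[(account, resource)]
        f["events"] += 1
        f["bytes"] += size
        f["first"] = ts if f["first"] is None else min(f["first"], ts)
        f["last"] = ts if f["last"] is None else max(f["last"], ts)
    return dict(findings)

if __name__ == "__main__":
    for (account, resource), f in sorted(out_of_scope_access(SAMPLE_LOG).items()):
        print(f"{account} -> {resource}: {f['events']} events, "
              f"{f['bytes']} bytes, {f['first']} to {f['last']}")
```

The first and last timestamps in each finding show how long out-of-scope access has been going on, which is the signal that was missing when stolen vendor credentials were used over a long period.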

The example above and the breach at the Office of Personnel Management (OPM) last year were both carried out by the use of spear phishing emails targeting smaller supply chain members, rather than the large enterprise at the top of the chain. Spear phishing is one of the most successful entry mechanisms into an organization. When a person is spear-phished, it is done with an in-depth knowledge of who that person is and their position in the company – essentially the person has undergone stealth reconnaissance. This information is then used to create very plausible emails, often looking as if they’ve come from a superior. The email will often have a link to a website. The website will be a spoof site and will either encourage the person to enter login credentials, or it will install malware on the user’s device. Both result in the theft of that person’s login credentials or the installation of malware.

RAT Attack

One of the ways that an attacker can gain access to the data and resources of supply chain members is by using a ‘watering hole’. This method is again highly targeted and requires the cybercriminal to build up knowledge about the type of websites and portals that supply chain companies use and trust, so it takes much effort, but it is often worth it. They then infect that site with malware. There are a number of methods of doing this successfully, and the Open Web Application Security Project, or OWASP, has a ‘top ten’ list showing how attackers can access and infect a website.

One of the types of malware often used in watering hole based attacks is the Remote Access Trojan or RAT. The RAT variant, Sakula, is believed to be behind the OPM attack. This malware is signed, which makes it seem legitimate. It effectively gives the cybercriminal administration rights over an infected user’s machine.

Watering hole exploits, and especially RATs, are often based on zero-day vulnerabilities and are made to look legitimate, so they are difficult to prevent using traditional security techniques. The best way to sniff out a RAT is to use threat intelligence software like Carbon Black to monitor and detect what’s going on across your network.

Threat intelligence is one of the ways that we can fight back against supply chain security issues. As we move into 2016, we can expect to see this very successful and lucrative technique being used more and more. We cannot rely on older methods of protecting ourselves; we need instead to beat the cybercriminals at their own game, using intelligence and the tools at our disposal.

With WatchPoint's Security Solution you will:

       Know someone is securing your business.

       Have true visibility into your digital assets.

       Have a support staff dedicated to safeguarding your network.
