Supply Chains Are Still Under Attack

Supply chain networks have long been driven by technology and have evolved accordingly.  The same technologies that make supply chains faster and more effective also threaten their cybersecurity. Supply chains have vulnerabilities along touchpoints with manufacturers, suppliers, and other service providers.

With constant global cyber threats, it is vital that companies involved in the supply chain understand risks and how to respond to them.  So, what is the best way to protect your supply chain?  Collect the best cyber threat intelligence on as many of your key supply chain members as you can.   A breach at any level can spell disaster for your organization and cause millions in lost revenue.  Cyber threat assessments are a good beginning, training is essential, but more is needed as the cyber threat landscape can/will change overnight after the assessment is long filed away.[1]

What Are the Most Common Risks to Supply Chain Businesses?  The three most common risks that affect supply chain companies include data leaks, supply chain breaches, and malware attacks.  Data leaks can happen through external and internal attackers. Employees, hackers, malicious competitors, and managers can all leak sensitive data and personal information outside the business. 

Security breaches usually occur when a hacker or malicious user infiltrates an operating system or network without permission.  The motive is often to cause chaos within the system through data deletion, replication, and corruption.

Malware attacks can happen through ransomware tools that lock a computer until the business pays a ransom.  Viruses can infect the system, or trojans can gain access through a back door.  Any level of malware can and will cause network disruptions.

A single phishing email that solicits information, or that carries a link an employee clicks on, can lead to data corruption and loss.  If a phishing email is successful, a targeted business could find an employee username and password being used from an external location to gather information within the system network. This could lead to unforeseen business competition, and that malicious ‘leak’ can harm the entire corporation.

Case Studies of Previous Breaches - Previous supply chain breaches generally involved ransomware and other malware attacks.  A ransomware attack risks exposing the personal data of millions of customers, including social security numbers and mailing addresses. One such ransomware, called Ryuk, appeared in 2018 and targeted users through malicious emails.  As with most ransomware, it locked out users from computers and then stole their log-in credentials.  Files became encrypted and the ransom required a hefty dollar amount to return access to the computers.  Ransom demands averaged close to $300,000 for each incident.  Even if the ransom was paid, the cybercriminal could ‘still’ attack the same system again and again in the future.  A friend of the author recently discovered that a midwestern municipality was hit with ransomware three times (3x).  Each time they had backup files and were able to get back into operation quickly.  But three times indicates the bad guys were still in the system.  In the Ryuk cases all types of businesses and organizations were attacked, including supply chain businesses.

TrickBot was another tool used. Originally a banking trojan, TrickBot eventually became a tool that led to cybercrimes involving the harvesting of credentials, crypto-mining, and ransomware.  The tool also caused point-of-sale procurement of business data. By mining for cryptocurrency, the cybercriminal increases their personal wealth.  However, ransomware incursions are like other breaches which also usually require payment to return the system back to its user.

Other cyberattacks involved BazarLoader and BazarBackdoor.  In 2020, these would infect certain targeted systems.  They used social engineering and targeted collaborative platforms like Slack and BaseCamp, sending employees at large organizations emails that claimed to offer important information about contracts, customer service, invoices, or payroll.  These tools additionally introduced ransomware that demanded payment from the affected business.

How to Implement Cyber Security Strategies for Supply Chain - A cybersecurity strategy depends heavily on the steps the supply chain company team takes.  The following four steps can help the company implement cybersecurity strategies to improve its supply chain risk management approach.

  1. Fully understand the threat to the supply chain business. This step requires the team to completely review, learn, and keep track of ALL supply chain breaches, data leaks, and malware attacks that affect its company and associated industry.  What affects the supply chain management the most; what types of malware lead to the most devastation; and where to focus are all important prevention strategies. 
  2. Assess your cybersecurity measures. To adequately apply a risk-based strategy to prevent and adjust to invasions of the system, a cybersecurity team needs to know what measures are already in place and which are missing. This framework includes hardware used to prevent or mitigate incursions, software used on network computers, education, AI, and purchased tools.  This assessment also includes knowing where the company is going in the future regarding these measures.
  3. Improve current measures. After understanding what you already have and assessing how these tools can assist with cybercriminal attacks, you can then improve these measures already in place.  This may include purchasing a more advanced firewall.  The risk management strategy team may need to install or update software on all computers or push the AI to a centralized location to learn how data affects its enterprise system.
  4. Treat cybersecurity as an ongoing process. Once you learn how to best increase security within the business against security incidents, you will need to document, review, and sift through feedback. The process to maximize cybersecurity is forever changing.  Once one attack is over, a new development may require upgrades to prevent future infiltrations.

The following is what Red Sky Alliance recommends:

  • All data in transmission and at rest should be encrypted.
  • Proper data back-up and off-site storage policies should be adopted and followed.
  • Implement 2-factor authentication company-wide.
  • For USA readers, join and become active in your local Infragard chapter; there is no charge for membership. infragard.org
  • Update disaster recovery plans and emergency procedures with cyber threat recovery procedures. And test them.
  • Institute cyber threat and phishing training for all employees, with testing and updating.
  • Recommend/require cyber security software, services and devices to be used by all employees and consultants working from home.
  • Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.
  • Ensure that all software updates and patches are installed immediately.
  • Enroll your company/organization in RedXray for daily cyber threat notifications that are directed at your domains. RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories including Keyloggers, without having to connect to your network.
  • Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.

Measures to Be Taken During a Cyber Attack - The best way to respond to a cyberattack is to prevent it from happening in the first place.  Businesses should take a multi-pronged, risk-based approach to PROACTIVELY securing their supply chains against cyberattacks.  By investing in cybersecurity technology that covers the endpoints, network, and users, and that combines the latest security technologies, you will create multi-layered protection that detects, prevents, and actively removes threats from your system.

It is recommended to strictly limit the access suppliers have to your system.   Companies should ensure that the supplier only has access to as much of the network as necessary to do their role.  This is a fine line and must be established and reviewed often with cyber-security always in mind.

Cybersecurity experts recommend the following five tips to prevent cyberattacks in the supply chain:

  • Limit the number of suppliers you use – It is a lot easier to manage a few outside parties instead of many.
  • Develop a minimum cyber standard for suppliers – Put the cyber standard you want your suppliers to adhere to in your contract. Use a recognized third-party standard so everyone is working to a standard set of rules.
  • Check your suppliers are following the standard – Regularly monitor your suppliers’ adherence to the standard.
  • Share information on how to improve – Let your suppliers know what you and others in your industry are doing to improve your data security so that they can adopt similar measures.
  • Encourage open reporting – If a problem does arise, you want to know about it as quickly as possible. Don’t retaliate – mitigate.

If you do experience a breach, the most important factor to mitigate the damage is speed.  When you have the right tools in place, you can quickly identify risks and respond to them appropriately.

Protecting the Company from a Cyber Attack - You should remain open to additional suggestions and gather feedback from experts. An IT team that has extensive knowledge of which options to choose usually will implement a plan with multiple approaches.  Learn from mistakes, and do not skimp on the costs.  Educate management about the latest threats and keep learning which attacks are prevalent in your security.  Just as cybersecurity measures advance, so too do these threats.

Cybersecurity and the IT department are the lifeblood of any company that wants to prevent, mitigate and eliminate malware attacks, breaches, leaks, and infections. Additionally, if you do not learn from previous incursions, you are doomed to fail again, like my friend with the midwestern municipality.  Widespread ‘chaos’, demands for money to remove the infection, and corruption of data await those who do not invest in a solid cyber security strategy.  It is better to avoid a cyber threat attack in the first place than to lose millions and clean up after a breach.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We can help protect your network.  For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings https://www.redskyalliance.org/

[1] https://securityboulevard.com/2021/07/cybersecurity-in-supply-chain-management-risks-to-consider/