A newly discovered web skimming campaign running for the past year has already compromised over 40 e-commerce sites, according to researchers. The JavaScript protection vendor revealed that “Group X,” which exfiltrated card data to a server in Russia, used a novel supply-chain technique to compromise its victims. The cyber-criminals exploited a third-party software named Cockpit, a free web marketing and analytics service that was discontinued in December 2014. Cockpit is a JavaScript librar
supply chain (64)
A recent cyber-attack caused the trains operated by Denmark’s largest train service DSB to come to a halt. Threat actors hit a third-party IT service provider associated with DBS, which slammed the brakes on. The cyber-attack hit the Danish company Supeo, an IT service that provides enterprise asset management solutions to railway companies, transportation infrastructure operators and public passenger authorities. DSB is the largest train operating company in Denmark.[1]
“Trains throughout th
As recently exposed by cyber threat investigators, software supply chain attacks have gained popularity with cybercriminals. Once exclusively used by cyberespionage threat actors, these attacks have become attractive for average cyber criminals, who see this threat as a way to compromise hundreds or thousands of computers with one operation. This explains why the software supply chain attack threat more than tripled in 2021 when compared to 2020, researchers report.[1]
A software supply chain a
The Port of Los Angeles has been making headlines after sharing an eye-opening statistic; the port faces around 40 million cyber-attacks per month. As the busiest port in the western hemisphere handling $250 billion of cargo each year this astounding number of attacks could wreak havoc on the supply chain and international commerce.
The number of attacks has more than doubled since the beginning of the Covid-19 pandemic. The pandemic has also impacted the port’s efficiency as workers were force
GPS, or Global Positioning Systems, have become a staple of our lives – especially in the transportation sector. Whether you are broadcasting your location for a rideshare or trying to find the quickest way to avoid traffic on your commute it seems that paper maps and printed directions have become a thing of the past. It comes as no surprise that the more we rely on interconnected devices the more susceptible to cyber attacks we become. This is exemplified through the Cybersecurity & Infras
Both public and private maritime industries within the entire transportation supply chain is finally getting up to speed with cyber security. The Port of Long Beach in California is poised to build its “Supply Chain Information Highway” digital infrastructure on the Amazon Web Services platform, following a new agreement with the online retail giant.
This “Information Highway” is being created to aggregate data collected at the port on a single platform for access by companies across different
The supply chain provides the framework for the modern transfer of goods. Logistics play a pivotal role from the acquisition of raw materials to the delivery of a final product to the end user. Generally, the raw materials are transported to a supplier, who then transports the materials to a manufacturer. The manufacture creates a finished product that is then distributed to either a retailer or warehouse where the product is either sent to or carried out by the consumer. Pictured below is a
Logistics and freight forwarding giant Expeditors International announced a cyber-attack on 20 February that crippled some of their operating systems and continues to slow their operations around the globe. The Seattle-based freight company, which brought in $10.1 billion in revenue last year, said they shut down most of their operating systems globally after discovering the cyber-attack. "The situation is evolving, and we are working with global cybersecurity experts to manage the situation.
Merchant tanker and barge shipments in and out of Europe’s biggest oil hub have been delayed by up to a week as four storage companies work to resume operations after cyber-attacks. Since the end of last week, storage company Oiltanking and oil trading firm Mabanaft, both owned by Germany’s Marquard & Bahls, have been hit by hackers. Belgium’s SEA-TANK and Dutch fuel storage firm Evos have also been affected.
The companies have had to suspend some operations, affecting oil flows in the Netherl
Cyber security investigators have reported that replicable attacks and a low barrier to entry will ensure the rate of supply chain attacks increases in 2022. The supply chain is a consistent attack vector for threat actors today. By compromising a centralized service, platform, or software, attackers can then either conduct widespread infiltration of the customers and clients of the original singular victim or may choose to cherry-pick from the most valuable potential targets. This can save cy
US Department of Agriculture (USDA) analysts have reported that China, with less than 20% of the world's population has managed to stockpile more than half of the globe's corn and other grains, leading to steep price increases across the planet and dropping more countries into famine. COFCO Group, a major Chinese state-owned food processor, runs one of China's largest food stockpiling bases, at the port of Dalian, in the northeastern part of the country. It stores beans and grains gathered fr
Unless you have been living in a cave, everyone knows that supply chain issues and delays are widespread and affect many industries. For small businesses, it is even worse. Large companies, including major retailers, are using their own shipping to get needed supplies and inventory in time. Whether you have a retail outlet or an e-commerce store, it can be a challenge to keep popular items stocked and deal with impatient customers. Here are some ways you can prepare for these challenges and
Microsoft has teamed up with Intel and Goldman Sachs to push for hardware security improvements that could help to mitigate supply chain risks. Working under the auspices of the non-profit Trusted Computing Group (TCG), the companies have created a new Supply Chain Security workgroup that will aim to bring in experts from across the tech sphere.
The TCG argued that malicious and counterfeit hardware is particularly difficult to detect as most organizations don’t have the tools or in-house knowl
Supply chain networks have for some time been driven by technology over the years and have evolved accordingly. The same technologies that make supply chains faster and more effective also threaten their cybersecurity. Supply chains have vulnerabilities along touchpoints with manufacturers, suppliers, and other service providers.
With constant global cyber threats, it is vital that companies involved in the supply chain understand risks and how to respond to them. So, what is the best way to p
A recent cyber security blog by researcher Maahnoor Siddiqui, he provides a clear picture of the threats and vulnerabilities in the Transportation supply chain. A concern shared by Red Sky Alliance. Our 40-minute commute to work in the morning can feel like an insular event. Whether it is by bus, train, ferry, or car; it can be hard to place this single event within the vast network of transit that occurs every day. These small personal journeys make up a highly interconnected transportation
Activity Summary - Week Ending 14 May 2021:
- Red Sky Alliance observed 78 unique email accounts compromised with Keyloggers
- Analysts identified 23,596 connections from new unique IP Addresses
- 1,802 new IP addresses are participating in various Botnets
- COVID-19 Lures Continue
- RotaJakiro
- Lemon Duck
- Colonial Pipeline and DarkSide
- US – Oil Supply Chain Repercussions
- Belnet hit in Belgium
- Rubin Design Bureau, Russian DIB
- BoA upping Cyber Security Budgets
- The “new” Normal, is it?
Link to full report:
The U.S. Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology have released a report providing insights on how to enhance supply chain security in the wake of the SolarWinds attack.
The guidance released 28 April 2021, "Defending Against Software Supply Chain Attacks," offers recommendations on how to implement the NIST Cyber Supply Chain Risk Management Framework and the Secure Software Development Framework. "This resource provides in-depth re
The US government is working to draw attention to supply chain vulnerabilities, an issue that received particular attention late last year after suspected Russian hackers gained access to federal agencies and private corporations by sneaking malicious code into widely used software.
The US National Counterintelligence and Security Center (NCSC) recently warned that foreign hackers are increasingly targeting vendors and suppliers that work with the government to compromise their products in an e
As the Covid virus marches on, many are seeing the light at the end of the tunnel. Each day brings us a little closer to the approval and distribution of COVID-19 vaccines in the US, UK and close in many other countries. According to the US Health and Human Services (HHS) Secretary Alex M. Azar II, officials with Operation Warp Speed (OWS) report that 20 million doses of the COVID-19 vaccine could be distributed this month. ”We are planning to be ready when [an emergency-use authorization by
The current US administration is signaling it will be updating the US government’s approach to its maritime cybersecurity strategy. Cyber security priorities are being discussed to enhance and secure the US’ ability to ‘project power at sea and defend against adversarial cyberattacks.’ The plan involves a re-examination of the national approach to information sharing and better emphasizing the use of operational technologies in ports.
Hackers at all tier levels have long targeted shipping fir
