The European Union Agency for Cybersecurity (ENISA) conducted research and based on these findings, supply chain attacks are projected to quadruple by the end of 2021 as compared to last year. ENISA also observed that the attacks are increasing in numbers and sophistication. 66% of the supply chain attacks were found to have been focused on the supplier’s code, meaning that strong security protection alone is no longer enough for organisations. Around 50% of the attacks were attributed to well-known APT groups by the security community, but it was also found that around 42% of the analysed attacks have not yet been attributed to a particular group.
The report studies and maps the supply chain attacks that were discovered from January 2020 to early July 2021. It is estimated that there will be four times more supply chain attacks in 2021 than in 2020. The recent rise in supply chain attacks and severe data breaches have caused organisations to adopt strict security measures to protect themselves. Due to this, threat actors and cybercriminals have had to seek new ways to gain access. The supply chain is often the weak link in an organisations security chain and has therefore been the basis for this increased focus of attacks. The report conducted highlighted the change in cybercriminals’ methods and strategies to indirectly target their victims.
Remote working has found that many organisations that often suffer from poor cyber hygiene. Cybersecurity professionals found that up to 53% of people use the same password across multiple platforms. Once this data is uncovered it becomes feasible for cybercriminals to gain access to multiple confidential and delicate accounts and databases which can then lead to a wider supply chain attack.
Malware supply chain attacks are also particularly disruptive due to the wide-ranging number of potential victims. We are seeing increasing supply chain attacks such as the Kaseya breach, SolarWinds, JBS food processing and more. It is often quite challenging and complicated to detect malware supply chain attacks as the malware is deeply hidden within legitimate apps and updates. Malware supply chain attacks can be extremely expensive and damaging to organisations.
Insider attacks are often rare, but not unheard of. Financial gain or government initiatives are usually the most common reasons for such events to occur. Tracking the online movements of employees will help to establish if certain malicious attacks have been initiated internally.
Training employees is essential. User error can initiate phishing or a different type of cyber-attack. If employees are equipped with the right knowledge to notice suspicious activity and understand how to react then there is a possibility of gaining control of impending attacks before they go any further.
Encryption is another factor to focus on. Organisations use encryption to secure their data from different networks. Poor encryption software and the use of open-source software has led to a huge network of potential threat areas that hackers and cybercriminals can use. As a result, software needs to be encrypted strongly from one end to another so that the information can be protected.
Threat actors and cybercriminals use different entry points to gain entry into a supply chain. With the threat landscape consistently growing, sophisticated and complex attacks are to be expected and these attacks are of huge concern because a single point of access can reproduce countless times upon the supply chain.
Many organisations whether large or small, find it difficult to monitor and maintain all aspects of the supply chain. Organisations must assess and regularly appraise the systems of the third-party suppliers and the subcontractors that they may employ. Organisations should ensure that their third-party suppliers’ security procedures are aligned with their security procedures. Overseeing regular security inspections are vital as by orchestrating real-world simulated cyber-attacks across systems, organisations can see the possible disparities in security and the disparities can be fixed before cybercriminals have the opportunity to exploit them.
Another method is training employees. If employees are equipped with the right knowledge to notice suspicious activity and understand how to react then there is a possibility of gaining control of impending attacks before they go any further.
Organisations must develop a proactive approach to mitigate risks and attacks through the use of strengthening and improving their cybersecurity. These types of attacks are likely to continue to rise, so institutions need to take a proactive approach to mitigate these risks. To understand how Orpheus Cyber can help with this, click here.
Further report highlights:
- A taxonomy to classify supply chain attacks to better analyse them systematically and understand the way they manifest is described.
- 24 supply chain attacks were reported from January 2020 to early July 2021, and have been studied in this report.
- Around 62% of the attacks on customers took advantage of their trust in their supplier.
- In 62% of the cases, the malware was the attack technique employed.
- When considering targeted assets, in 66% of the incidents attackers focused on the suppliers’ code to further compromise targeted customers.
- Around 58% of the supply chain attacks aimed at gaining access to data (predominantly customer data, including personal data and intellectual property) and around 16% at gaining access to people.
- Not all attacks should be denoted as supply chain attacks, but due to their nature, many of them are potential vectors for new supply chain attacks in the future.
- Organisations need to update their cybersecurity methodology with supply chain attacks in mind and to incorporate all their suppliers in their protection and security verification.