Attackers continue to be increasingly efficient at selecting industries to target for maximum impact. Similar to how a technology vendor or other company may use product management and marketing to focus on a particular industry, criminal enterprises are implementing the same techniques when determining what campaigns will be the most successful for them. One industry that finds itself to be at the front and center of these cybersecurity criminals’ lead lists is the Global IT Supply Chain.
Why Global Supply Chain is a High Target
There are two reasons that make these companies particularly attractive targets, and they are both factors organizations use to calculate security risks, likelihood, and impact. Within organizations that work with as many other entities as a supply chain vendor, the networks and requirements for business operations are often complex, with multiple systems and attack vectors to control. It is not uncommon for there to be unpatched software, firmware, or other devices within complex environments, and it often is difficult to manage and monitor all the different types of remote access available.
The second reason is that IT supply chain vendors often have access to many systems or customer environments, which creates a high-impact security environment. High likelihood and impact, while bad for your organization’s risk profile, are great for a criminal enterprise.
Lead supply chain attacker — Nobelium
Most recently, Microsoft has been alerting organizations worldwide regarding a long string of attacks from an alleged Russian nation hacking group named Nobelium. Nobelium is believed to be behind other known attacks, such as identifying vulnerabilities within Solarwinds, which have all mainly targeted portions of the global IT supply chain. Working through the IT supply chain allows Nobelium methods to compromise many companies by focusing on a single organization. According to a blog post by Microsoft, they have alerted over 600 organizations of a Nobelium attack since July 2021, and have been working with entities to help protect against the common attack vectors Nobelium uses.
Supply Chain cybersecurity protection
With all of the fear and uncertainty around recent attacks, one of the most common questions organizations have when discussing their security program’s maturity is “What do I do next?”. Fortunately, the answer is the same. These attacks are not using zero-day vulnerabilities in most cases or any specialized attack techniques. They are utilizing the basic block and tackling that cyber professionals have been talking about for a long time.
- Patch everything, firewalls, systems, applications, operating systems, embedded devices, etc.
- Utilize strong passwords, and enable multi-factor authentication.
- Use mechanisms to detect threat actors using logs and analysis, such as a SIEM, integrated cloud service provider utilities, a third-party Security Operations Center, etc. Set realistic thresholds on things such as brute force login attempts and geographic location.
- Use a next-generation anti-malware utility that is capable of detecting new and modern threats. Old school anti-virus is better than nothing, but it will not catch the majority of items anymore.
- And last but not least, have a plan for when an incident happens. Document an incident response plan, train the members of the response team, ensure that an action is clear so that proper investigation and recovery can take place when needed.
Have a Plan When an Attack Occurs
The only thing that can make a situation worse when a security incident occurs is to have no idea what to do about it. Cybersecurity basics, when done well, can make wild changes in the risk profile of an organization for the better. Do not be afraid of implementing mature solutions. Just because a solution is cutting edge and uses Artificial Intelligence or Machine Learning does not make it the right fit for your company. Most organizations would be surprised what they could do with the proper focus, some mature and proven tools, and some knowledgeable individuals with the time dedicated to doing the right things.
If your global supply chain business has any questions about its cybersecurity plans and protection, please do not hesitate to reach out to one of our security experts at any time!
