In 2021, ransomware attacks on supply chains became a front-burner issue for businesses, cybersecurity experts and even international governments. That year, ransomware attacks more than doubled from the previous year, with some 623 million recorded worldwide.
In addition to an increase in frequency, ransom attacks began to take on a more nefarious flavor, attempting to cripple food networks, water supplies, fuel distribution networks, and even hospitals and city governments. This indicates that the focus of ransomware attacks has largely shifted away from large financial firms and toward manufacturers. Records support this, showing that 23% of cyberattacks in 2021 targeted manufacturers.
This significant uptick in supply chain ransomware attacks has made many organizations, including some government agencies, begin to prioritize fighting against this form of cybercrime. Many of these organizations are beginning to collaborate in this fight to make their efforts more effective.
WHAT IS A SUPPLY CHAIN ATTACK?
A supply chain attack is a form of cyberattack in which a cybercriminal targets vulnerable aspects of a supply chain’s computer systems. The chief aim of these attacks is to gain access to the networks of the victim’s supply chain suppliers and partners. What makes these attacks particularly dangerous is that a single ransomware attack gives cybercriminals access to the networks of multiple organizations rather than just the victim’s network.
Those particularly vulnerable to these types of attacks include smaller organizations without the resources to implement necessary cybersecurity safety measures. In addition, the COVID-19 pandemic exposed many weak points for hackers to exploit because of the shift to remote work.
TECHNIQUES USED BY CYBERCRIMINALS TO ATTACK THE SUPPLY CHAIN
Some common techniques used by cybercriminals to attack supply chains have become more apparent. Techniques to be aware of include:
- Phishing: Also known as social engineering, phishing is when a victim is tricked into downloading and opening an infected file. Cybercriminals typically pose as a boss or coworker to convince their victim to do this.
- Malvertising: In this form of cyberattack, the attacker crafts fake online advertisements that victims may unsuspectingly click on. This results in malicious software being run on the victim’s device.
- Leveraging vulnerabilities in software code: When there are weak spots in a victim’s software code, cybercriminals can exploit them in many ways, such as encrypting information and demanding a ransom to decrypt it.
SUPPLY CHAIN SECURITY’S WEAK LINK: MANAGED SERVICE PROVIDERS
Managed service providers and managed security service providers have been the sources of many breaches of supply chain security. That’s because many organizations place a large amount of trust in these providers and are less likely to be critical about downloading updates from them.
The danger of blindly trusting one’s managed service provider was showcased in the SolarWinds ransomware attack. A management system under the umbrella of SolarWinds called Orion, used by many large organizations, was hacked. Many organizations then unknowingly downloaded a malicious update, giving hackers unprecedented access to the private networks of many large organizations.
WHAT IS BEHIND THE RECENT SURGE IN RANSOMWARE SUPPLY CHAIN ATTACKS?
As a result of the steep rise in ransomware attacks in recent years, many have begun to seek the answer to that question. According to AT&T, these are the five main reasons for the increase in ransomware attacks against supply chains:
- Victims are more willing to pay ransoms
- Rising international tensions
- Expanding networks create more vulnerable points to be exploited
- Cryptocurrency has made anonymous payment easier for cybercriminals
- Cybercriminals offer ransomware as a service to other criminals without ransomware experience
SUPPLY CHAIN ATTACK PREVENTION FOR ORGANIZATIONS
Although ransomware attacks on supply chain organizations have become more prevalent in recent years, there are ways organizations can safeguard themselves. One of the most effective is a five-step approach built on the idea that software developers need to ensure their code has as few vulnerabilities as possible. Here are the five steps:
- Keep developers updated on cyberattack risks
- Make sure open-source development tools are visible and secure
- Adopt zero trust security that treats all code as unsafe
- Build encryption into all apps
- Work with vendors and partners to plug third-party risks
To stop supply chain attacks, software needs to be shipped with few or no weaknesses or vulnerabilities for cybercriminals to exploit. Both vendors and customers of supply chain software can benefit from effective safeguarding techniques. Some of the most effective techniques for preventing supply chain cyberattacks include:
- Identify and plug third-party leaks
- Lock down internal systems and vendor networks by patching all known vulnerabilities
- Evaluate partners’ security measures and vendors’ security ratings
While one may be aware that these are goals to work toward, it’s not always obvious how to achieve them. Tools and approaches that can be used to achieve these include:
- “Honeytokens” or fake data resources planted on a company’s network to attract attackers and alert the company about suspicious activity. In addition to providing advanced notice of an attack, honeytokens indicate the methods the attackers will use and can sometimes identify the criminal parties.
- Privileged access accounts must be managed carefully by implementing a platform that disrupts the path from initial network access to the exfiltration of sensitive data.
- Cybercrime awareness training instructs staff on how to detect a phishing attempt, how to protect their login credentials, and how to identify and report breach attempts.
- Third-party data leak detection tools prevent ransomware attacks that originate on vendor and partner networks, even when the third party is unaware of the breach.
- Encryption of all internal data is one of the simplest ways to discourage cybercriminals, who often prefer to attack systems that are easily breached. Encryption should meet the Advanced Encryption Standard.
- Zero trust architecture is a security approach that assumes all activity on the company’s network is malicious by default, so access to sensitive information requires that each connection request meet a stringent set of security policies.
- Multiple layers of defense integrate antivirus, multifactor authentication, and attack surface monitoring, among other data security measures. Multilayer security creates operational layers, each of which has unique capabilities and functions targeted at preventing a specific type of threat.
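The honeytoken approach from the list above, as an added example that is not part of the original article: decoy API keys carry a keyed tag naming where each was planted, so any log line presenting one raises an alert that also shows which planted location the attacker read. The `hk_` key format, the log line format, the demo key and the function names are assumptions made for this example.

```python
import hashlib
import hmac
import re

# Constructed demo key (assumption); in practice it lives in a secrets manager.
HONEY_KEY = b"constructed-demo-key"
# Assumed decoy format: hk_<placement>_<16 hex chars of HMAC tag>
TOKEN_RE = re.compile(r"\bhk_([a-z0-9-]+)_([0-9a-f]{16})\b")


def mint_honeytoken(placement: str) -> str:
    """Create a decoy API key whose tag binds it to where it was planted."""
    tag = hmac.new(HONEY_KEY, placement.encode(), hashlib.sha256).hexdigest()[:16]
    return f"hk_{placement}_{tag}"


def find_honeytoken_use(log_lines):
    """Return one alert per log line that presents a valid honeytoken."""
    alerts = []
    for line in log_lines:
        for placement, tag in TOKEN_RE.findall(line):
            expected = mint_honeytoken(placement).rsplit("_", 1)[1]
            # Constant-time compare; a forged or mistyped tag is ignored.
            if hmac.compare_digest(tag, expected):
                src = re.search(r"src=(\S+)", line)
                alerts.append({
                    "placement": placement,
                    "source": src.group(1) if src else "unknown",
                    "line": line,
                })
    return alerts


# Constructed sample log lines (documentation-range IP addresses).
VENDOR_TOKEN = mint_honeytoken("vendor-share")
BACKUP_TOKEN = mint_honeytoken("backup-config")
SAMPLE_LOG = [
    "2021-07-02T10:01:13Z api auth ok key=prod_9f2c src=198.51.100.7",
    f"2021-07-02T10:04:55Z api auth fail key={VENDOR_TOKEN} src=203.0.113.40",
    "2021-07-02T10:05:02Z api auth fail key=hk_vendor-share_0000000000000000 src=203.0.113.41",
    f"2021-07-02T10:09:31Z api auth fail key={BACKUP_TOKEN} src=203.0.113.40",
]

if __name__ == "__main__":
    for alert in find_honeytoken_use(SAMPLE_LOG):
        print(f"ALERT honeytoken from {alert['placement']} used by {alert['source']}")
```

No legitimate process ever presents a decoy key, so every alert is worth investigating, and the placement name tells responders which share or file was read.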
THE WORLDWIDE BATTLE AGAINST CYBERCRIMINALS
Ransomware attacks on supply chains have already increased, and it’s estimated that these crimes will increase even more in the coming years. That’s why private organizations and government agencies are prioritizing the fight against ransomware and are helping mitigate the threat of cyberattacks.
In addition, cybersecurity professionals familiar with the latest tools and specialized knowledge in the field are helping supply chains become more resilient against cybercriminals with stronger cybersecurity practices. The strengthening of supply chains benefits not only manufacturers but also consumers and the economies of the entire world.
Ryan Ayers has consulted several Fortune 500 companies within multiple industries including information technology, cybersecurity, and big data. After earning his MBA in 2010, Ayers began working with start-up companies and aspiring entrepreneurs, with a keen focus on data collection and analysis.