Multiple malware researchers, including Symantec, report that attacks on supply chain operations increased 200% in 2017. The reports say the attacks center on cryptocurrency rather than the more historically standard zero-day attacks, which makes sense because there may be financial gains to be had. But CrowdStrike identified other breaches that took advantage of more standard applications to gain access through permissions normally allowed to them. They included Avast’s CCleaner and the Apple Mac-oriented HandBrake media player.
Preying on the chain
If financial motivation is a secondary issue for cyber criminals targeting supply chains, what can they be hoping to achieve?
Disruption
Competitors may want to delay products in transit, and the US is the target in nearly 30% of all targeted attack incidents, making it the largest recipient. More than 70% of the attacks are initiated via spear phishing, the practice of singling out a single organization and using email tactics to gain access to company assets. The access these attacks achieve gives the attackers deep reach into all kinds of company functions and information.
Other research, including much political investigation, is finding attacks initiated by nation-state actors to cause different kinds of disruption. The motives cover a wide spectrum, but the attacks typically attempt to disrupt standard operations and practices. There is increasing speculation that advanced persistent threats (APTs) are being deployed in industrial computing systems, including the US electric grid. Certainly, a coordinated attack there would disrupt the supply chain and more.
Intelligence
While disruption is a significant threat, 90% of attacks are aimed at intelligence-gathering. That includes surveillance, spying, and theft of intellectual property. Again, many of these kinds of attacks are conducted by nation-state sponsored groups. But the rise of supposedly benign social media interactions is raising speculation that there is more at stake than cat videos when access to internal enterprise systems is compromised through malicious attachments and links.
As supply chain performance becomes more important and time frames tighten, the effects of cyber attacks on supply chains can be devastating. Make certain your cyber security team has all your company’s supply chain technology under its surveillance.