PROTECTION MATTERS

Ransomware: The need to protect the weakest link, your supply chain

30 May 2022

So far in our ransomware series, we have looked at the basics of ransomware, Remote Desktop Protocol and email compromises. In this blog, we take a look at how businesses can be attacked through their supply chains.


Read more articles from the series:

PART 1: Ransomware: What SMBs should know 

PART 2: Ransomware: The many dangers of Remote Desktop Protocol

PART 3: Ransomware: How to provide a valuable layer of protection to email

PART 5: Ransomware: A game of cat and mouse

PART 6: Ransomware: How to protect your company against attacks


 

What is a supply chain?

A supply chain is a network between a company and its suppliers to produce and distribute a specific product or service. It consists of everything between the raw materials and the product that hits the shelves. The chain is typically made up of the supplier of the raw materials, the manufacturer, the distributor and the retailer.

 

When it comes to security, the supply chain is only as strong as its weakest link. Attacking the supply chain at any point along its length will have consequences throughout. When the environment is digital rather than physical, the ramifications are the same. By breaching just one vendor, bad actors may eventually be able to gain unrestricted and hard-to-detect access to large sections of vendor's business partners and customer base.

 

Playing the odds

 This explains why large vendors are constantly being targeted. Their solutions are used in homes and businesses around the globe. Attack Microsoft Exchange and you attack millions of people worldwide in one hit. Threat actors are simply playing the odds in their ambition to drop malware, including ransomware, on victims’ email servers.

 

This is exactly what happened in 2021 when Calypso, LuckyMouse, Tick and Winnti Group, among others, exploited Microsoft Exchange vulnerabilities to compromise email servers all around the globe. Several large and influential organizations, such as the Swedish supermarket chain Coop, suffered at the hands of the attackers. The nature of the vulnerabilities allowed the installation of a web shell to the server, which was then used to serve as an entry point for further malware installation.

 

Staying locked up and secure

The NIST Cybersecurity Framework from the U.S. federal government provides a valuable starting point for anyone wanting to ensure that his or her supply chain remains locked up and secure. It recommends that “The practice of communicating and verifying cybersecurity requirements among stakeholders is one aspect of cyber supply chain risk management (SCRM). A primary objective of cyber SCRM is to identify, assess and mitigate products and services that may contain potentially malicious functionality, are counterfeit or are vulnerable due to poor manufacturing and development practices within the cyber supply chain.”

 

The importance of patch management

The propensity for supply chain attacks also highlights the importance of adequate patch management processes. This helps ensure that any potential back doors to your organization are shut as soon as they are discovered. Software companies watch closely for new vulnerabilities in their applications and regularly release security updates that eliminate potential threats. Prevention is always better than protection. It is, therefore, important to download these security updates as soon as they are released. If you are running Windows, you can learn more about automatic updates from Microsoft here.

Read also

Unexpected Dangers for Small Businesses_cover photo

Unexpected Dangers for Small Businesses

Office recycling bins, USB drives, unwatched computers, social media profiles. Those are some of the possible weak spots hackers can use to harm small businesses. ESET cybersecurity expert Jake Moore regularly sets off into the field and investigates such hidden dangers that SMBs might not be aware of. Here are some of his experiences.

SMB_cybersecurity_risk_assessment_cover

Assessing Your Cyber Risk: How Vulnerable Are You?

Computers, mobile phones, printers, tablets and other smart gadgets. Servers, emails, social and Wi-Fi networks. Digital assets and smart devices have become an indispensable part of most companies. Want to stay one step ahead of cybercriminals? Find out which of these might be your weak point. All you need is a cyber risk assessment.

Ransomware series part1_cover

Ransomware: What SMBs should know

Ransomware is one of the biggest threats to businesses today, and with new attacks hitting the news on a daily basis, the risk can seem overwhelming. But what actually is ransomware, and how can businesses protect themselves? In this series, we will take an in-depth look at ransomware, highlighting specific methods of attack such as email compromise, vulnerabilities and the Remote Desktop Protocol, delving into supply chain attacks, and giving advice on how businesses can mitigate the risk .

Ransomware series part2_cover

Ransomware: The many dangers of Remote Desktop Protocol

In the first part of this series, we gave a basic overview of ransomware and how it works. Now, we are delving deeper into the specific ways in which ransomware operators infiltrate your systems, starting with Remote Desktop Protocol.

Ransomware series part5_cover

Ransomware: A game of cat and mouse

In previous blogs we focused on how cybercriminals utilize vulnerabilities in Remote Desktop Protocol (RDP), email and supply chains to drop ransomware onto an organization’s systems. Although these are popular methods, they are by no means the only techniques used by those with malicious intent.

Ransomware series part3_cover

Ransomware: How to provide a valuable layer of protection to email

As we discussed in our blog exploring Remote Desktop Protocol, ransomware is on the rise, and has been exacerbated by the current work-from-home trend. While the bad guys use many attack vectors to attempt to infiltrate your systems and plant ransomware, the most popular – by far – remains email.

Ransomware series part6_cover

Ransomware: How to protect your company against attacks

Ransomware is one of the most potent threats to modern business, targeting organizations both large and small. To conclude our series exploring the various techniques used by cybercriminals to drop ransomware on corporate networks, we'll explore what organizations can do to ensure they can mitigate the risk.