Saturday, 14 July 2018

A supply chain attack is a cyber attack that attempts to damage an organization by targeting less secure elements in its supply network. Supply chain attacks can occur in any industry, from the financial sector to the oil industry or the government sector. Cyber criminals typically tamper with the manufacturing process of a product by installing a rootkit or hardware-based spying components.

The Target security breach, Eastern European ATM malware, and the Stuxnet computer worm are examples of supply chain attacks.

Supply chain management experts recommend tight control of an organization's supply network to prevent potential damage from cyber criminals.


Overview

A supply chain is a system of activities involved in handling, distributing, manufacturing, and processing goods in order to move resources from a vendor into the hands of the end consumer. A supply chain is a complex network of interconnected players governed by supply and demand.

Although "supply chain attack" is a broad term without a universally agreed definition, in the context of cyber security a supply chain attack involves physically tampering with electronics (computers, ATMs, power systems, factory data networks) in order to install undetected malware for the purpose of bringing harm to a player further down the supply chain network.

In a more general sense, a supply chain attack does not have to involve electronics. In 2010, when burglars gained access to Eli Lilly's pharmaceutical supply warehouse by drilling a hole in the roof and loading $80 million worth of prescription drugs into a truck, they could also have been said to be carrying out a supply chain attack. However, this article addresses cyber attacks on physical supply networks that depend on technology; in this sense, a supply chain attack is a method used by cyber criminals.


Attack template

In general, supply chain attacks on information systems begin with an advanced persistent threat (APT) that identifies the member of the supply network with the weakest cyber security in order to affect the target organization. According to an investigation produced by Verizon Enterprise, 92% of the cyber security incidents analyzed in their survey occurred among small firms.

APTs can often gain access to sensitive information by physically tampering with the production of a product. In October 2008, European law enforcement officials "uncovered a highly sophisticated credit card fraud ring" that stole customers' account details by using untraceable devices inserted into credit card readers made in China to gain access to account information and make repeated bank withdrawals and Internet purchases, with losses estimated at $100 million.

Risk

The threat of a supply chain attack poses a significant risk to modern organizations, and attacks are not limited to the information technology sector; supply chain attacks affect the oil industry, large retailers, the pharmaceutical sector and almost any industry with a complex supply network.

The Information Security Forum explains that the risk from supply chain attacks stems from information sharing with suppliers, stating that "sharing information with suppliers is essential for the supply chain to function, but it also creates risk... information compromised in the supply chain can be just as damaging as that compromised from within the organization".

Muhammad Ali Nasir of the National University of Emerging Sciences attributes the above-mentioned risk to the broader trend of globalization, stating "... because of globalization, decentralization and supply chain outflow, the number of exposure points also increases due to the large number of entities involved, and these are also spread all over the world... [a] cyber attack on [a] supply chain is the most destructive way to destroy many related entities at once because of its ripple effect."

Poorly managed supply chain management systems can become a significant hazard for cyber attacks, which can lead to loss of sensitive customer information, disruption of the manufacturing process, and damage to a company's reputation.

Recent examples

Target

At the end of 2013, Target, a US retailer, was hit by one of the biggest data breaches in the history of the retail industry.

Between November 27 and December 15, 2013, Target's brick-and-mortar stores in America experienced a data hack. Approximately 40 million customers' credit and debit cards became vulnerable to fraud after malware was introduced into the POS system at more than 1,800 stores. The breach of Target's customer information had a direct impact on the company's earnings, which fell 46 percent in the fourth quarter of 2013.

Six months earlier, the company had started installing a $1.6 million cyber security system. Target had a team of security specialists to monitor its computers constantly. However, the supply chain attack circumvented these security measures.

It is believed that cyber criminals infiltrated a third-party supplier to gain access to Target's primary data network. Although not officially confirmed, investigators suspect that the hackers first entered Target's network on November 15, 2013 using access credentials stolen from Fazio Mechanical Services, a Pennsylvania-based provider of HVAC systems.

Ninety lawsuits have been filed against Target by customers for carelessness and compensatory damages. Target spent about $61 million responding to the breach, according to its fourth-quarter report to investors.

Stuxnet

Believed to be an American-Israeli weapon, Stuxnet is a malicious computer worm. The worm specifically targets systems that automate electromechanical processes used to control machinery on factory assembly lines or equipment for separating nuclear material.

The computer worm is said to have been developed specifically to undermine potential uranium enrichment programs of the Iranian Government; Kevin Hogan, Senior Director of Security Response at Symantec, reported that the majority of systems infected by the Stuxnet worm were in the Islamic Republic of Iran, which has led to speculation that it may have been deliberately targeting "high value infrastructure" in the country, including either the Bushehr Nuclear Power Station or the Natanz nuclear power plant.

Stuxnet is usually introduced into the supply network via an infected USB flash drive by people with physical access to the system. The worm then travels across the network, scanning for software on computers that control programmable logic controllers (PLCs). Stuxnet introduces an infected rootkit onto the PLC, modifying its code and giving unexpected commands to the PLC while returning a feedback loop of normal operation values to the user.

ATM malware

In recent years, malware known as Suceful, Plotus, Tyupkin, and GreenDispenser has affected automated teller machines globally, especially in Russia and Ukraine. GreenDispenser specifically gives an attacker the ability to walk up to an infected ATM system and remove its cash vault. When installed, GreenDispenser may display an 'out of service' message on the ATM, but an attacker with the right access credentials can drain the ATM's cash vault and remove the malware from the system using an untraceable removal process.

Other types of malware usually behave in a similar way, capturing magnetic stripe data from the machine's memory storage and instructing the machine to withdraw cash. The attack requires someone with insider access, such as an ATM technician or someone else with a key to the machine, to place the malware on the ATM.

The Tyupkin malware, which was active in March 2014 on more than 50 ATMs at banking institutions in Eastern Europe, is also believed to have spread to the US, India and China. The malware affects ATMs from major manufacturers running 32-bit Microsoft Windows operating systems. It displays information on how much money is available in each machine and allows an attacker to withdraw 40 notes from the selected cassette of each ATM.

Prevention

Government

The Comprehensive National Cybersecurity Initiative and the Cyberspace Policy Review, endorsed by the Bush and Obama administrations respectively, direct US federal funding to the development of a multi-pronged approach to global supply chain risk management. According to Adrian Davis of the Technology Innovation Management Review, securing an organization from supply chain attacks begins with building cyber-resilient systems. Supply chain resilience is, according to supply chain risk management expert Donal Walters, "the capability of the supply chain to address unexpected disturbances", and one of its characteristics is a company-wide recognition of where the supply chain is most vulnerable to infiltration. Supply chain management plays an important role in creating effective supply chain resilience.

In March 2015, under the Conservative and Liberal Democrat coalition government, the UK Department for Business outlined new efforts to protect SMEs from cyber attacks, including measures to improve supply chain resilience.

The UK government has produced the Cyber Essentials Scheme, which trains companies in good practice to protect their supply chains and overall cyber security.

Financial institutions

The Depository Trust and Clearing Group, an American post-trade company, has implemented governance for vulnerability management throughout its supply chain as part of its operations, and looks at IT security along the entire development lifecycle; this includes where software was coded and hardware manufactured.

In a 2014 PwC report titled "Threat Smart: Building a Cyber Resilient Financial Institution", the financial services company recommends the following approach to mitigating a cyber attack:

"In order to avoid potential damage to the fundamentals, reputations, brands, and intellectual property of financial institutions, the executive team needs to take ownership of cyberspace risk. In particular, they must collaborate in advance to understand how institutions will maintain and respond to cyber risks, and what is required to make their organization resilient."

Cyber security companies

FireEye, a US network security company that provides automated threat forensics and dynamic malware protection against advanced cyber threats, such as advanced persistent threats and spear phishing, recommends that companies have certain principles in place to create resilience in their supply chain, which include:

  • Small supplier base: This allows the company to have tighter control over its suppliers.
  • Stringent vendor controls: Impose strict controls on suppliers so that they comply with a list of approved protocols. Conducting occasional site audits at supplier locations and having personnel visit those sites regularly for business purposes also allows greater control.
  • Security built into the design: Security features, such as check digits, should be designed into the software to detect any previous unauthorized access to the code. An iterative testing process that hardens the code both functionally and for security is a good approach.
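
As an added illustration of the "security built into the design" principle (not code from FireEye or from the original article), the sketch below has a vendor publish a digest for every shipped file and the receiving company refuse anything that is altered, missing, or not on the list. The function names, file names and key are hypothetical, and the HMAC over the manifest is an assumption standing in for the vendor's real code-signing mechanism.

```python
import hashlib
import hmac
import json

def sign_manifest(files, key):
    """Vendor side: digest every file, then authenticate the digest list."""
    digests = {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}
    body = json.dumps(digests, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()

def verify_delivery(files, body, tag, key):
    """Consumer side, default deny: return {name: verdict} for every file
    seen or expected; raise if the manifest itself fails authentication."""
    expected_tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, tag):
        raise ValueError("manifest authentication failed; reject whole delivery")
    allowed = json.loads(body)
    verdicts = {}
    for name, data in files.items():
        if name not in allowed:
            verdicts[name] = "unlisted"   # not on the allowlist: denied
        elif hmac.compare_digest(hashlib.sha256(data).hexdigest(), allowed[name]):
            verdicts[name] = "ok"
        else:
            verdicts[name] = "modified"   # content changed after signing
    for name in allowed:
        verdicts.setdefault(name, "missing")  # expected but never arrived
    return verdicts

def installable(verdicts):
    """A delivery is installable only if every verdict is 'ok'."""
    return bool(verdicts) and all(v == "ok" for v in verdicts.values())

# Constructed sample data, not taken from any real product.
KEY = b"constructed-demo-key"
SHIPPED = {"pos/agent.bin": b"\x7fELF-build-1042", "pos/config.ini": b"mode=prod\n"}
BODY, TAG = sign_manifest(SHIPPED, KEY)

# What arrives after passing through an intermediary: one file altered,
# one file added, one file dropped.
RECEIVED = {
    "pos/agent.bin": b"\x7fELF-build-1042-patched",
    "pos/helper.dll": b"MZ-extra",
}

if __name__ == "__main__":
    print(verify_delivery(SHIPPED, BODY, TAG, KEY))
    print(verify_delivery(RECEIVED, BODY, TAG, KEY))
```
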

On April 27, 2015, Sergey Lozhkin, a Senior Security Researcher with GReAT at Kaspersky Lab, spoke about the importance of managing the risk from targeted attacks and cyber espionage campaigns. During a conference on cyber security he stated:

"The mitigation strategies for advanced threats should include security and education policies, network security, comprehensive system administration, and special security solutions, such as... software cropping features, application controls, whitelist, and standard rejection modes."



See also

  • Advanced persistent threats
  • Cyber attack


External links

  • New Malware captures DNS PIN and Money - Updated - Wired

Source of the article : Wikipedia
