Saturday, June 4, 2022

What Is Predicted For The Second Half Of 2022? More Supply Chain Attacks

Well, here we are now in the first full weekend in June.  Finally summer is here, and it feels great.  But with the way the time is going, soon we will be complaining about winter approaching.  On the Cyber front, things are moving quickly, but believe it or not, so far, we have not yet had the major catastrophes that were feared after Russia invaded Ukraine.

But we still have half of the year to go, so anything is still possible.  But as I go through the news headlines, this fear seems to be diminishing somewhat.  In fact, there are articles even out there now that discuss why Russia has not launched a major Cyberattack yet.  More to come about that in future blogs.

I think as I mentioned last week, and on a couple of podcasts I have had recently, the attention is still on Ransomware and whether or not a payment should be made to the Cyberattackers that launch these kinds of assaults.  But, another hot button topic that is reemerging yet once again is that of Cybersecurity Insurance. 

A lot of businesses now seem to be concerned about this, especially since it is more difficult now than ever before to procure a rock-solid insurance policy.  A business owner now has to go through a whole rung of compliance checks and even fill out a self-assessment before their application is even looked at.  I know this for a fact, as I have seen some of them.  Yes, they are detailed, and take time to go through.

Another topic that has seemed to resurface again is that of supply chain attacks.  I actually have reviewed what this is in previous articles, and in a few podcasts.  But to refresh, rewind back to some time ago.  Remember the entire SolarWinds fiasco?  Well, for lack of a better term, this is a prime example of such an attack.

Essentially, the Cyberattackers were able to find a small hole in the IT/Network Infrastructure, and at that point, they were able to install their malicious payload.

Once the victims downloaded the needed software patches, their devices and other systems became infected with this malware.  But we are not talking about just a few victims, we are talking about literally thousands of them.  But what is unique about the supply chain attack is that it is not what you would call a one to one (1:1) attack, but rather, a one to many (1:N).  In fact, this is the trend that we will now be seeing as these kinds of attacks happen even more.

In the mind of the Cyberattacker, why waste valuable time just hitting one target, when you can hit a lot more, especially all at the same time?  But keep in mind, the key is finding that vulnerable weak spot.  But there are other reasons for this, and these include some of the following:

*Supply chain attacks allow the Cyberattacker to reap a quicker payoff in terms of financial gain, because so many victims are involved.  And of course, the more of them there are, the quicker the ROI will be.  Don’t forget the press attention that this will get.  Remember, Cyberattackers are humans also.  Once they get the attention in the press, they get a high on their ego (for all of the wrong reasons of course), and are thus motivated to launch more attacks.

*Web based applications are becoming the norm today in the Remote Workforce environment.  Because of this huge uptick, software developers are under even more pressure to deliver on time.  Because of this, checking the security of the source code often falls by the wayside.  Worse yet, many developers are now heavily relying upon source APIs to develop web applications, and these often go untested or unchecked.

*After COVID-19 hit and the Remote Workforce became a permanent thing, many businesses have moved entirely into the Cloud, such as AWS or Microsoft Azure.  But, one thing that gets overlooked is that many enterprises choose a Public or Hybrid deployment, which means that the Cloud resources are shared.  Although technically speaking everybody has their own server instance, things are still shared.  So a vulnerability that exists in one tenant could spill into your environment, thus making a valuable point of entry for the Cyberattacker to penetrate.

So given all of this, what can you do so that you can mitigate the risks of being a point of delivery for a supply chain attack?  Here are some tips:

1) Check all assets:

Normally this is done when you conduct a Risk Assessment in order to determine which of your digital assets are the most vulnerable to a Cyberattack.  However, this gets trickier if you are totally based in the Cloud.  For example, you don’t know what could be inserted into your platform: your provider could have put in something you are not aware of, or an employee could have unintentionally deployed something as well.  Therefore, you need to keep track of 100% of what is coming and going in your Cloud deployment on a 24 X 7 X 365 basis.  Of course, doing this manually would take forever, but technology has now come to the point where this can be done automatically for you.  Or, ask your Cloud provider if such tools are available, and if they can set up a system of warnings and alerts as new things pop up in your Cloud environment.

2) Keep watching and keep assessing:

Apart from monitoring what is going in and coming out, you also need to keep a constant eye on what still remains vulnerable.  You can do this by conducting automated Vulnerability Assessments and Penetration Testing exercises of your Cloud environment.  On top of this, you need to keep on top of what is still vulnerable in the way of your digital assets.  In this regard, you make use of what is known as a “SIEM” to give you a bird’s eye view of just what is happening in your Cloud infrastructure, from just one, single dashboard.  In this area, I do have to recommend that you make full use of Microsoft Azure.  They have great tools that you can use at no extra charge to help you do all of this.

3) Have an Incident Response (IR) Plan in place:

Even after you have taken all of the preventative measures, there is still no guarantee that you will not become a victim.  In this case, you need to have a rock-solid IR Plan in place that will dictate the sequence of activities that you need to follow immediately to mitigate the risk of the attack spreading even further.  This plan should be rehearsed at least once a quarter, and updates made to the documentation with lessons learned.  There are many templates available online that you can use for this very purpose.
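One way to implement the inventory and change monitoring described in tips 1 and 2, as an added example that is not part of the original post: it diffs a baseline inventory against what the cloud provider's API currently reports and raises alerts for assets that were never in the baseline and for software updates whose hash does not match the approved build. The asset ids, versions and hashes are constructed sample data.

```python
# Inventory drift check for a cloud deployment (added example, not from the post).
# Assumes each asset is recorded with a type, the software it runs, a version and a
# content hash; all inventories below are constructed sample data.
from dataclasses import dataclass

# What the change-control record says should be running (constructed).
BASELINE = {
    "vm-web-01": {"type": "vm", "software": "agent", "version": "2.1.0", "sha256": "aaa1"},
    "vm-db-01": {"type": "vm", "software": "agent", "version": "2.1.0", "sha256": "aaa1"},
    "fn-billing": {"type": "function", "software": "billing", "version": "1.4", "sha256": "bbb2"},
}
# What the cloud provider's API reports right now (constructed).
CURRENT = {
    "vm-web-01": {"type": "vm", "software": "agent", "version": "2.1.1", "sha256": "ccc3"},
    "vm-db-01": {"type": "vm", "software": "agent", "version": "2.1.0", "sha256": "aaa1"},
    "fn-billing": {"type": "function", "software": "billing", "version": "1.4", "sha256": "bbb2"},
    "vm-unknown-7": {"type": "vm", "software": "?", "version": "?", "sha256": "ddd4"},
}
# Updates that went through change control: (software, version) -> expected hash.
APPROVED = {("agent", "2.1.1"): "eee5"}


@dataclass(frozen=True)
class Alert:
    asset: str
    severity: str
    reason: str


def detect_drift(baseline, current, approved):
    """Return alerts for assets that appeared, vanished, or changed outside change control."""
    alerts = []
    for asset in sorted(current.keys() - baseline.keys()):
        alerts.append(Alert(asset, "high", "asset not in baseline inventory"))
    for asset in sorted(baseline.keys() - current.keys()):
        alerts.append(Alert(asset, "medium", "asset missing from current inventory"))
    for asset in sorted(baseline.keys() & current.keys()):
        old, new = baseline[asset], current[asset]
        if old["sha256"] == new["sha256"]:
            continue  # nothing changed on this asset
        key = (new["software"], new["version"])
        if approved.get(key) == new["sha256"]:
            continue  # planned update, and the bits match the approved build
        # A version bump whose hash differs from the approved build is the
        # tampered-update pattern; an unapproved change is flagged the same way.
        reason = ("update hash does not match the approved build" if key in approved
                  else "software changed outside change control")
        alerts.append(Alert(asset, "high", f"{reason}: {old['version']} -> {new['version']}"))
    return alerts
```

Run it on each inventory snapshot and feed the returned alerts into the SIEM dashboard mentioned above; a quiet run returns an empty list.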

My Thoughts On This:

According to the latest from Gartner, supply chain attacks will be among the top 10 Cyberattacks, and up to 60% of security breaches will happen in this fashion.  More information about these stats can be seen in the following links:

https://www.gartner.com/en/newsroom/press-releases/2022-03-07-gartner-identifies-top-security-and-risk-management-trends-for-2022

https://www.cyberpion.com/blog/types-of-supply-chain-attacks/

But going forward into the second half of 2022, you may not see another SolarWinds attack.  Rather, it is anticipated that the Cyberattacker will launch much smaller scale ones simultaneously, in order to cause more damage without being noticed too quickly.
