In this interview with Help Net Security, Brandon Hoffman, CISO at Intel 471, talks about the growing threat of supply chain attacks, the most common supply chain vulnerabilities, and how good threat intelligence can help organizations stay on top of these threats.
In recent times, we are seeing an increasing number of supply chain attacks, and cybercriminals are becoming more stealthy and smarter. What are the common methods used by cybercriminals to carry out such attacks?
Cybercriminals adopted legitimate business models, including an “affiliate model” for ransomware most commonly referred to as Ransomware-as-a-Service (RaaS) in 2016. Other cybercriminals are simply vendors in their own economy of products, goods and services. However, more recently these cybercriminals have reinvented their business to focus on highly lucrative penetration and compromise of an entire network.
Supply chain attacks carry the same characteristics as traditional cyberattacks, but with a longer or greater focus in mind, producing a chain of successful attacks and a wake of casualties. Initial access, escalation of privilege, lateral movement, data exfiltration or ransomware are the most common steps.
Can you describe the main components of a supply chain attack?
The first element of the attack begins with identifying a vulnerable vendor who is digitally connected to one or more organizations with high-value data.
Then the target organization is infiltrated, valuable data is exfiltrated, and a lateral movement to the connected consumer organizations is executed as the secondary attack phase, and the cycle repeats itself through as many exploitable connections as are available.
Does gaining visibility in the supply chain help organizations stay ahead of threats? What can they do to strengthen their security posture?
Securing a company’s attack surface extends far beyond its internal network, processing and storage resources. The inventory of its suppliers, vendors and partners, as well as the identification of those who have access to sensitive and/or critical data, are essential. It is good practice to establish third-party requirements and enforce them contractually; however, it is often both laborious and expensive.
Forward-thinking CISOs add relevant, real-time threat intelligence to this practice. Combined with a disciplined approach, this intelligence can predict trends and potential vulnerabilities, and organizations can prevent cyber attacks and protect their valuable assets from them.
How is Intel 471 helping businesses combat these growing threats and what technology does it offer?
Intel 471 has a long history of delivering cutting-edge threat intelligence, from malware to adversaries to credentials. While our intelligence is available through flows for integrations with SIEMs, SOARs, and more, the largest companies around the world are using our intuitive SaaS platform, TITAN.
Our clients strengthen their security operations by accessing structured information, dashboards, timely alerts and intelligence reports and by extending their operations with numerous connectors and integrations, integrating and operationalizing personalized information.
What are the most important capabilities an organization should consider when choosing the right security solutions to address supply chain vulnerabilities?
Just as the most sophisticated engines run only at peak performance with the highest quality fuel, safety solutions are only as effective as the intelligence they operationalize. This is essential to operate the most effective and efficient cyber operation.
When it comes to supply chain vulnerabilities, the scope and reach of the security solution and its intelligence should be maximized, as it only takes one vulnerability in an organization’s large supply chain for a ransomware attack to infiltrate a corporate network. Staying ahead of cybercriminals is necessary to prevent and protect corporate networks from supply chain attacks.