Intelligent CIO Middle East Issue 95 | Page 29

LATEST INTELLIGENCE
SUPPLY CHAIN ATTACKS

Fast Facts

DESCRIPTION
Supply chain attacks fall into two main categories: email fraud and third-party software.
In these attacks, cyber criminals compromise vendors or service providers in order to attack their customers and partners. Initial supplier compromise is often by phishing or malware. Once inside a supplier system, attackers can impersonate email accounts to initiate phishing, invoicing fraud or other types of attack against customers. Once attackers have breached customer systems, they can steal confidential data, install ransomware or use access to trigger a further wave of phishing or email fraud attacks.

TOOLS OF THE TRADE
Supply chain threats typically involve phishing for credentials (account takeover), malware (Stuxnet, NotPetya, Sunburst, Kwampirs) and impostor threats like business email compromise (BEC).

TYPES
• Business email compromise (BEC, or email fraud). Attackers pose as someone the recipient would trust – typically a business partner, supplier or vendor. The recipient is asked to make a wire transfer, pay a fake or altered invoice, divert payroll funds or change banking details for future payments. In some email fraud schemes, the attacker may compromise the supplier’s actual email account to pose as the supplier and even piggyback existing email conversations.
• Software supply chain attacks. Attackers gain access to the systems of a software or managed service provider and infect future builds that are then distributed on to customers and partners. Such attacks are rare compared to the forms listed above, but they can affect multiple victims from a single breach.

RISK FACTORS
• Engaging vendors for professional services and consultation
• Not employing adequate cybersecurity protection
• Providing access to staff who are negligent or untrained in security awareness
• Supply chain complexity – businesses increasingly rely on a variety of cloud platforms and SaaS services

Supply Chain Attacks in the News
Target to pay $18.5M for 2013 data breach that affected 41 million consumers
Account credentials stolen from one of Target’s vendors enabled attackers to breach the retail giant’s systems and steal sensitive payment information from more than 41 million customers.
Hackers are attacking the COVID-19 vaccine supply chain
A phishing attack targeted executives at 44 companies across several continents in an attempt to compromise the global COVID-19 vaccine supply chain.
Community Housing Nonprofit Hit with $1.2M Loss in BEC Scam
Attackers spoofed a vendor domain to steal almost £1 million in rent from a cooperative housing association near London, U.K.