Thales Warns of An Increase in Supply Chain Attacks | Total Security Software

The SolarWinds Sunburst incident taught the security community a whole lot of lessons, and not only because numerous authorities in Germany and abroad are affected. Without going into the details known so far, it can be stated that supply chain attacks will increase, also in view of the attacks that have become known against the EU authority EMA, which was commissioned with the certification of the vaccine from the manufacturer Pfizer/BioNTech.




The fact that the stolen data was even published, as in this case, is due to a new quality of ransomware attacks, in which the data is encrypted and copied on the one hand and put on the net on the other, a tactic known as "double extortion". Ultimately, attackers are after data and follow the path of data from one company to another to pick out the weakest and easiest link in the chain. This strategy always comes into play when professional attackers are behind the attacks, attackers who have invested a lot of time and effort in exploring their target. This is what makes them so dangerous and makes protecting against them so expensive.

 

But what exactly is a supply chain attack?

Classically, the term means the compromise of software code or an application that is developed by a third party and then used in other widespread software or systems. There have been enough examples since Target 2014, so the phenomenon is well known, but the extent and sophistication behind the recent attacks make you sit up and take notice and do not bode well for the future. Given how interconnected today's economy is and how dependent it is on functioning supply chains, the term “supply chain” can be understood even more broadly, as a “value chain” or, further still, as a “third party” attack. Attackers look at the entire supply chain: they have time, they wait, and they look for vulnerabilities, for example in accounting software that is used by some companies and also by their suppliers or branches abroad. The gateway does not have to be large, but it remains unnoticed for a long time. As in the many cases that have come to light, the attackers can spread out in peace and gradually gain access to the data sets of interest to them. The threat is now so great that in a study by the US security service provider BlueVoyant, more than 80 percent of those surveyed confirmed that they had already been the victim of such an indirect attack.


Given the increasing attacks on and via suppliers and third-party companies, organizations should pay more attention than ever to how their supply chains - everything from software development to the actual delivery processes themselves - are set up in terms of IT security. In addition to strong encryption and access control, raising employees' awareness is of particular importance. Only those who keep an eye on their supply chains can protect themselves from cyber attacks, even if there is no comprehensive protection.

Try total security software for your organization's security protection.
