PECM Issue 53 2021 | Page 118

How secure is your supply chain?

SOFTWARE & SYSTEMS THE GREAT HACK

By Steve Mulhearn, Director of Enhanced Technologies at Fortinet
Hiding within the machinery, the sensors, the robots and the computers is a vital IT infrastructure responsible for the smooth running of the entire production and process of manufacturers. Yet it also exposes the vulnerability of vendors in the supply chain to cyber invasions via the long tail of IT services they lean on. In this environment, a “supply chain” attack also takes on a very literal meaning because most of these companies have long, multi-party supply chains for producing their products. These suppliers and partners often have links into the organisation’s ERP and business process systems, so ensuring that all partners are as well protected as they themselves are has become a big topic of discussion.
Using the latest innovations, cyber criminals creep around in email services, pretending to be employees to access or manipulate data. Or they might introduce nasty code into IT software requiring a system update that unwittingly opens the back door for attackers to enter. Once in, the malware can transfer files, reboot computers, disable system services and sabotage infrastructure operators – the list is encompassing and endless – and it’s difficult to ask the unwanted guest to leave.
Securing the supply chain is the hardest nut to crack because there are so many links. This is compounded by the ever more sophisticated and aggressive methods of today’s hackers. Operators are shifting their strategy away from email-initiated payloads to focusing on gaining and selling initial access into corporate networks, further showing the continued evolution of Ransomware-as-a-Service (RaaS) fueling cybercrime. Recent data from Fortinet’s FortiGuard Labs 10x higher than one year ago. This shows us a consistent and overall significant increase over a one-year period. According to Fortinet’s State of Ransomware survey, it has become the top threat of concern for many organisations today, including manufacturers, with ramifications that extend into the fields of geopolitics, espionage and national security. Hackers want to steal secrets and money as well as damage the reputation of their targets.
CYBERCRIME IS A BUSINESS TOO
Cybercrime is a lucrative industry too, complete with call centres that assist their victims to pay ransoms, tech support, money laundering partners, and Dark Webbers who build code for sale.
Take for example RaaS, a subscription-based model that allows partners (affiliates) to use Ransomware tools that have already been developed by someone else to execute attacks. The affiliates earn a percentage of the profits, sometimes up to 80%, if the attack is successful, and everybody else gets their cut. The booming cybercrime ecosystem has therefore grown into its own supply chain, generating more than a trillion dollars of revenue every year. That supply chain is growing as well because the bad actors are becoming better funded, they are using new elements and service models, and they keep changing their tactics and upping the game.
In most sophisticated manufacturing ecosystems, multiple people and functions work together and it is no different with cybercrime. For example, suppliers create and produce malware and zero-code exploits, then they license, sell, and share their technology with distributors and affiliates, who then sell their solutions to clients who target those solutions at victims — effectively using their supply chain to better infiltrate their victims’ supply chains.
DISRUPT THEIR SUPPLY CHAIN
At Fortinet, our researchers and threat hunters follow these criminals’ moves and study their tactics and playbooks to replicate and detonate their attacks. We use heat maps to uncover recent techniques, so we know what they are thinking and what they have implemented, which is key — their heat maps turn into roadmaps that lead us in the right direction. Because many cybercriminal organisations operate like a business, defenders can use a combination of their own tactics, real-time data, and high-resolution intelligence against them, disrupting their supply chain, making it more expensive for them to operate and thereby forcing them to shift tactics.
Several events thus far in 2021 count as important wins for the defenders. Take TrickBot, for example — its original developer was arraigned on several charges in June. Likewise, there was the coordinated takedown of Emotet, one of the most prolific malware operations in recent history, as well as actions to disrupt Ransomware operations, such as Egregor and NetWalker. These wins signify the momentum of cyber defenders, including collaboration among global governments and law enforcement.
TAKE AIM AT CYBER SECURITIES
By educating manufacturers on best-practice cyber hygiene, collaborating with other defenders, and leveraging tools like artificial intelligence (AI) to detect and implement countermeasures, they can stay one step ahead of the bad guys.
It’s safe to say that cybercrime isn’t going away any time soon, but as cybercriminals become more sophisticated and creative, so must businesses. The collaboration and sharing of threat intelligence among enterprises, law enforcement, and government entities helps to shine a light on the bad actors. Ultimately when they are taken down, it’s taking them longer to recover. Some affiliates are abandoning their criminal organisations altogether because they too have become targets of law enforcement. So, there have been promising dips in threat activity amongst manufacturers, but there is still work to do. We are at a critical inflection point when it comes to combatting cybercrime.
For further information, please visit www.fortinet.com