In this interview with Help Net Security, Brandon Hoffman, CISO at Intel 471, talks about the growing threat of supply chain attacks, the most common supply chain vulnerabilities and how the right threat intelligence can help stay on top of these threats.
We are witnessing a growing number of supply chain attacks lately, and cybercriminals are becoming stealthier and smarter. What are the common methods used by cybercriminals to carry out such attacks?
Cybercriminals have adopted legitimate business models, including an “affiliate model” for ransomware most often referred to as Ransomware-as-a-Service (RaaS) in 2016. Other cybercriminals are simply suppliers in their own economy of products, goods and services. However, most recently, these cybercriminals have reinvented their business to focus on the highly lucrative penetration and compromise of a complete network.
Supply chain attacks carry the same hallmarks of traditional cyberattacks but with a longer or larger goal in mind, producing a chain of successful attacks and a wake of victims. Initial access, privilege escalation, lateral movement, data exfiltration or ransomware are the most common steps.
Could you describe the main components of a supply chain attack?
The first component of the attack begins with identification of a vulnerable supplier who is digitally connected to an organization(s) with highly valuable data.
Next, the target organization is infiltrated, valuable data is exfiltrated, and lateral movement to connected consumer organizations is executed as the secondary phase of the attack, and the cycle repeats itself through as many exploitable connections as are available.
Does gaining visibility in the supply chain help organizations stay ahead of the threats? What can they do to strengthen their security posture?
Securing a business’ attack surface extends far beyond its internal network, processing and storage assets. Inventorying its suppliers, vendors, and partners, as well as identifying those who have access to sensitive and/or critical data is key. Establishing third-party requirements and enforcing those contractually is a good practice; however, it is often both labor-intensive and costly.
Forward-thinking CISOs augment this practice with real-time, relevant threat intelligence. When coupled with a disciplined approach, this intelligence can predict trends and potential vulnerabilities, and organizations can prevent and protect their valuable assets from cyber attacks.
How is Intel 471 helping organizations tackle these growing threats and what is the technology it offers?
Intel 471 has a long history of providing best-in-class threat intelligence from malware to adversaries to credentials. While our intelligence is available via feeds for integrations with SIEMs, SOARs, et al, the largest enterprises across the globe use our intuitive SaaS platform, TITAN.
Our clients power their security operation by accessing structured information, dashboards, timely alerts, and intelligence reporting and by extending their operation with numerous connectors and integrations, integrating and operationalizing customized intelligence.
What are the most important capabilities an organization must take into consideration when choosing the right security solutions to address supply chain vulnerabilities?
Much like the most sophisticated engines work only at peak performance with the highest grade fuel, security solutions are only as effective as the intelligence they operationalize. This is key to operating the most effective and efficient cyber operation.
With respect to supply chain vulnerabilities, the scope and reach of the security solution and its intelligence must be maximized, as it only takes a single vulnerability across an organization's vast supply chain for a ransomware attack to infiltrate a business network. Staying a step ahead of cybercriminals is required to prevent and protect business networks from supply chain attacks.