Digital Value Chain Attacks on the Rise

Cybercriminals are moving to exploit vulnerabilities in the digital value chain as organizations fight to secure a rapidly expanding threat surface. 

These were among the findings of a report from Micro Focus subsidiary CyberRes. The study revealed North America tops the list of most impacted regions, experiencing a third of the total cyber issues reported.

Just under a fifth of the global cyberattacks were ransomware, with the services sector the most targeted globally—the report also noted 200% growth in cyberattacks targeting the financial sector.

Digital Value Chain Attacks Target Retail, Telecom

In the United States, almost half of the total data breach instances in 2021 targeted the retail (23.3%) and telecommunications (23.3%) industries, with threat actors such as Conti, Darkside and Marketo at the top of the list of threats that sought to exploit retail industries through data breaches.

The report noted financial gain is the primary motivation for these data breach activities targeting the retail and telecommunication sectors.

“An organization’s digital ecosystem is made of different pieces, several components and in-and-out channels that need to be protected,” said Ramsés Gallego, CyberRes’ international CTO. “From the network to the endpoints, from applications to storage cabins, from servers to cloud instances, each part of the digital journey deserves to be fortified, strengthened.”

He said one of the most common vulnerabilities is nebulous: The “false sense of security” organizations default to in thinking that everything is in good shape, protected and safeguarded.

“It is imperative that companies around the world understand that technology has gaps; that applications have many ‘holes’ that will certainly be used by cybercriminals to get to those businesses and bring them to a halt,” Gallego said. “Commercial and homegrown applications may be faulty from a code perspective but also from a security architecture point of view.”

The way that data flows back and forth in the cloud(s) also may represent an opportunity for offenders to steal information.

“We have to consider that vulnerabilities are a component of the risk equation; for risk to exist, there has to be a threat that exploits a vulnerability, with a probability of that happening, and there has to be an impact,” he said. “Thus, vulnerabilities are the gaps that need to be identified, assessed and closed to ensure that companies and societies at large are secured.”

John Steven, CTO at ThreatModeler, an automated threat modeling provider, noted the report confirmed risks organizations have been modeling–exploitation of flaws in ubiquitous packages, such as Log4j, in pursuit of a pivot toward assets that can be monetized, as happens when malware encrypts business data for ransom.

“With more of organizations’ systems being placed in publicly accessible zones, and software bill of materials being consistently imperfect, it’s no surprise that this threat is becoming more prevalent,” he said.

Steven said by focusing on the impact—the ransoming of critical data—threat modelers advise compensating controls that allow organizations the opportunity to disinfect systems while they recover data from safe and protected enclaves with minimal disruption.

Ryan McCurdy, vice president of marketing at Bolster, a provider of automated digital risk protection, said companies need to focus on look-alike domains that imitate their supply chain businesses, as well as look-alike domains of their own brand that target their supply chain.

These pose a major threat in terms of account takeovers (ATOs) and business email compromise (BEC) scams.

He added that account takeovers are an ever-present challenge for security teams to both detect and stop.

“Phishing sites posing as your brand and aiming to steal account credentials remain the primary attack vector for fraudsters to gain access to customer accounts inside your online business,” he explained. 

McCurdy added business email compromise scams, however, primarily target company employees or individuals who are responsible for transferring funds.

“For these scams, attackers use either spoofed or compromised email accounts of executives, employees or business partners to make fraudulent payment requests,” he said. 

He pointed out that today, every instance of fraud has a digital component, making people-based or legacy approaches nearly impossible to scale with the massive volume of data on the web.

“To scale, it’s critical that companies leverage automation to detect, analyze, and take down fraudulent sites and content across the web, social media, app stores, marketplaces, and the dark web,” McCurdy said. 

Matthew Warner, CTO and co-founder at Blumira, a provider of automated threat detection and response technology, added organizations should take an asset inventory to get an understanding of their attack surface; tools like Shodan.io can help with this.

“Developing close relationships with vendors can help teams stay one step ahead of vulnerabilities that may affect their environments,” he said. “Tracking and patching every vulnerability that is released can be a full-time job, so working with a trusted cybersecurity partner—especially for small teams—is crucial to stay ahead of vulnerabilities.”

He pointed out cybersecurity shouldn’t be limited to organizations with massive teams and budgets; smaller businesses with fewer resources are equally vulnerable to threats.

Start With the Basics

“These businesses can start with the basics to better understand threats, keeping in mind that something is better than nothing,” he said. “Using a framework like NIST or CIS controls can help set the groundwork and give guidelines for starting a cybersecurity program from scratch.” 

Warner said these organizations should take advantage of free tools whenever possible, relying on resources like CIS’s list of free tools.

He added that smaller organizations should prioritize products that are easy to use and manage, that cater to their individual needs and that give them the resources they need to succeed with implementation and maintenance.

“Finding vendors that act as partners and cybersecurity experts is crucial,” he noted. “Vendors or partners can relieve some of the burden for organizations with limited security resources to focus on more high-priority needs.” 

Nathan Eddy

Nathan Eddy is a Berlin-based filmmaker and freelance journalist specializing in enterprise IT and security issues, health care IT and architecture.
