Supply chain hacks hit again as cyber criminals continue to target third party vulnerabilities
November 2023 by AJ Thompson, CCO at Northdoor plc
2023 is fast becoming the year of the ‘supply-chain hack’. New hacks are reported everyday as cybercriminals continue to take advantage of vulnerabilities within third parties to gain access to key data.
One of the latest hacks has seen identity and access management provider Okta hit by a breach that exposed private customer information. In the breach, the cybercriminals used stolen credentials to gain access to Okta’s customers data. Using the credentials of an access management provider gave the hackers the additional bonus of appearing completely legitimate.
The nature of Okta’s business means that it is a tempting target for cybercriminals as once they have secured access, they can quickly get into multiple customers infrastructure. As a result, Okta has been the victim of multiple breaches, including twice in 2022. Ironically, Okta has also been the end victim recently of a supply chain attack, where its healthcare benefits partner, Rightway Healthcare was hacked, leaving the details of Okta employees exposed.
The fact that security firms are vulnerable to attack should be an eye-opener to most companies as should another recent supply chain hack that targeted the public sector.
This example saw 70 German municipalities hit by an attempted ransomware attack. An unknown hacker group targeted and encrypted the servers of municipal service provider Süwestfalen IT. To prevent the malware to spreading directly to its customers, the company restricted access to its infrastructure. Whilst this was largely successful in restricting the movement of the malware, it did mean that local government services were severely limited. The timing of the attack, at the end of October, meant that payments like salaries, social assistance and transfers from the nursing care find were all hindered.
Both breaches show that supply chain hacks are increasing, that all sectors are impacted, and that just one hack can impact multiple companies. Such is the threat all companies need to quickly step up their ability to close vulnerabilities across their entire supply chain, as AJ Thompson, CCO at Northdoor plc explains.
“These recent hacks are a microcosm of why supply chain hacks are so effective. One successful breach into a company can gain access to multiple companies’ data, often without the end victim knowing that they’ve even been attacked.
“The fact that these latest two examples are also across both the private and public sectors show that all sectors are at risk, there is not one company or organisation in the UK that should not be worried about the potential threat coming from their supply chain.
“Even the smallest companies can have access into larger companies’ infrastructure which, as we’ve seen time and time again allows cybercriminals into infrastructure that would otherwise struggle to get to.
“The key is to have visibility over your entire supply chain, allowing you to see where the potential vulnerabilities lie within your partner network, closing those vulnerabilities and essentially, shutting the back-door on the cybercriminal trying to gain access. Some companies are turning to AI powered solutions that can provide a 360-degree view of their supply chain and where the vulnerabilities lie.
“The traditional method of ascertaining how secure a partners’ system is tends to be in the form of a questionnaire. This of course means that you have rely on the knowledge and honesty of the person filling in the form – this is no longer an acceptable method to ensure your systems are secure. All companies have to look to alternative solutions that deliver the real-time view of potential access points for cybercriminals. We are going to continue to see cybercriminals targeting supply chains to gain access to large volumes of sensitive data and we all have to do more to shut down this threat,” Thompson concludes.