How to protect against the evolving threat landscape
December 2017 by Chris O’Brien, Director Intelligence Operations at EclecticIQ
The modern business landscape has seen the use of third party suppliers drastically increase as organisations have realised the benefits these partnerships can bring. In fact, a recent survey ‘Third Party Risk: Exposing the Gaps’ from Thomson Reuters discovered that 70 per cent of organisations have become more flexible and competitive because of third party relationships.
These partnerships mean it’s no longer enough for businesses to understand just their own security set up, now every organisation within a company’s supply chain needs to be equally aware of, and shored up against, the risks posed by the evolving threat landscape.
Understanding the threats posed by third parties
It’s never been so vital for organisations to know and understand their entire ecosystem as regulations such as General Data Protection Regulation (GDPR), Open Banking and the Second Payment Services Directive (PSD2) get ever closer. Yet, by undertaking overarching audits on a regular basis and turning this practice into a mandated process, business can do just that. This also puts them on the right path to fostering good threat intelligence sharing regimes and protecting the whole supply chain from attackers who may be using the smaller organisations as a stepping stone to gain access to a business higher up the chain.
One example of this kind of attack in action is the incident involving SWIFT. A provider of financial messaging services, whose messaging network handles trillions of dollars in fund transfers daily, SWIFT is targeted by attackers on a regular basis. For businesses in this situation it is vital to prevent weak links in the chain which could be the cause of a future attack, especially at a time when cyberattacks are hitting the headlines on almost a daily basis. Working closely with third parties in the supply chain on their cyber strategy is the best way to ensure this.
The hacker psyche
Attacks on third parties such as the aforementioned SWIFT attack aren’t new and unfortunately are becoming more prolific. This evolution in the threat landscape is also being identified elsewhere in the industry, with one key example being the significant rise in cyber vandalism which has become apparent in recent years. On the plus side however, there is now much more data available to businesses which can help them identify changes in attackers’ approaches and protect against them.
Using cyber vandalism as an example, it’s sometimes difficult to see what reward comes from these form of attacks. Are they created by students looking to show off, hacktivists looking to spread an ideological message, researchers infecting systems by testing new methods, or developers creating delivery methods for more professional and serious viruses? Whoever the attacker, it’s quite safe to say that attributing the actor through the TTP (tactics, techniques and procedures) by itself is far from conclusive.
The WannaCry malware, specifically the usage of the Destova wiper component, also raises some interesting points when it comes to the psychology and the tasking of nation state hackers. Wiper software is a bizarre edition to the WannaCry mix, given the ransomware itself is already encrypting files in the hope that the organisation will pay up. Not only that, but it’s the same wiper software used by Lazarus, so does this indicate a close connection with the group, a coincidental re-use of existing toolsets or is it a deliberate and obvious addition to point towards Lazarus as the perpetrators?
It’s very possible this ambiguity is deliberate especially as all of these unknowns make attribution very difficult. Also, without a clear motive behind an attack, it’s almost impossible to identify a pattern in the behaviour of threat actors which can help prevent against future attacks.
Time to act
There is not one part of the supply chain that isn’t coming under a constant barrage of cyberattacks, and with the threat landscape evolving rapidly, these attacks are becoming more sophisticated. To stop this, businesses need to start looking at cyberattacks from the adversary’s perspective and understand what is most attractive to an attacker. Is it more lucrative for them to attack the smaller businesses in a bid to reach the larger organisations, or will they go straight for the top of the chain?
Without this understanding organisations will fall further behind new attack trends as the threat landscape continues to evolve. Corporations need to act now to ensure their cybersecurity strategies are keeping up with the attackers.