Story image

Cybercriminals make a meal of weakened supply chains

22 May 2018

Ransomware attacks and other cyber threats are targeting the supply chain in greater numbers.

Key takeaways from Dimension Data’s  Executive Guide to the NTT Security 2018 Global Threat Intelligence Report put the spotlight on the business and professional services supply chain, which is now a target for trade secrets and intellectual property theft.

The business and professional services sector was hit by 10% of global ransomware attacks and was the third most targeted industry worldwide.

While ransomware attacks themselves increased 350% in 2017, they only account for 7% of total malware. 75% of ransomware was either Locky or WannaCry.

The finance sector was ranked the number one target for cybercriminals who carry out reconnaissance and look for weak spots in an organisation's infrastructure.

The report says that the technology sector was the second most cyber-attacked industry in 2017, accounting for 19% of attacks..

In Asia Pacific, Attacks against the finance sector decreased from 46% in 2016 to 26% in 2017, but it remained the most attacked sector. This was caused by service-specific attacks.

“There are numerous moving parts to supply chains and outsourcing companies, which often run on disparate and out-dated network infrastructures, making them easy prey to cyber threat actors,” comments Dimension Data’s Group CTO for cybersecurity, Mark Thomas.

“Service providers and outsourcers are also a prime target, due to their trade secrets and intellectual property. Businesses need to wise-up to the very real threats against them, and ensure all aspects of their operations are robustly and securely protected.”

Across Asia Pacific, 2017 also brought twice the amount of attacks against the education sector compared to 2016 – a jump from 9% to 18%.

According to Dimension Data Australia director of cybersecurity John Karabin, attackers are looking for student records and other personally identifiable information because they are of great value to cybercriminals.

The United States was the top source for attacks targeting Asia Pacific (31%), followed by China (12%), Australia (10%), Romania (6%), and the Netherlands (4%).

The most common attack tools against APAC organisations include viruses or worms (66%), compared to 23% globally. Trojans and droppers accounted for 12% of APAC attacks, compared to 25% globally.

Other highlights from the report:

·       The technology and finance sectors account for 70% of all attacks in the Americas.  The US is a world leader in technology innovation while the finance sector collects and stores a vast amount of personal data which cyber criminals can monetise

·       Education was the most attacked sector in Australia (26%). With an open network model and collaborative environments that enable connectivity and research between students, campuses, colleges, and universities, this is a valuable target.

·       Attacks on the APAC manufacturing sector have dropped to a mere 7% (32% in 2016), because of the adoption of enhanced security governance and proactivity in raising cyber defence.

Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.
Myth-busting assumptions about identity governance - SailPoint
The identity governance space has evolved and matured over the past 10 years, changing with the world around it.
Forrester names Crowdstrike leader in incident response
The report provides an in-depth evaluation of the top 15 IR service providers across 11 criteria.
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Ensign and IronNet partner to create cyber analytics capabilities
The Singapore-based joint venture will form a Cyber Analytics Center for Excellence focused on securing regional enterprises from sophisticated cyber threats.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.