SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Cybercriminals make a meal of weakened supply chains
Tue, 22nd May 2018
FYI, this story is more than a year old

Ransomware attacks and other cyber threats are targeting the supply chain in greater numbers.

Key takeaways from Dimension Data's  Executive Guide to the NTT Security 2018 Global Threat Intelligence Report put the spotlight on the business and professional services supply chain, which is now a target for trade secrets and intellectual property theft.

The business and professional services sector was hit by 10% of global ransomware attacks and was the third most targeted industry worldwide.

While ransomware attacks themselves increased 350% in 2017, they only account for 7% of total malware. 75% of ransomware was either Locky or WannaCry.

The finance sector was ranked the number one target for cybercriminals who carry out reconnaissance and look for weak spots in an organisation's infrastructure.

The report says that the technology sector was the second most cyber-attacked industry in 2017, accounting for 19% of attacks..

In Asia Pacific, Attacks against the finance sector decreased from 46% in 2016 to 26% in 2017, but it remained the most attacked sector. This was caused by service-specific attacks.

“There are numerous moving parts to supply chains and outsourcing companies, which often run on disparate and out-dated network infrastructures, making them easy prey to cyber threat actors,” comments Dimension Data's Group CTO for cybersecurity, Mark Thomas.

“Service providers and outsourcers are also a prime target, due to their trade secrets and intellectual property. Businesses need to wise-up to the very real threats against them, and ensure all aspects of their operations are robustly and securely protected.

Across Asia Pacific, 2017 also brought twice the amount of attacks against the education sector compared to 2016 – a jump from 9% to 18%.

According to Dimension Data Australia director of cybersecurity John Karabin, attackers are looking for student records and other personally identifiable information because they are of great value to cybercriminals.

The United States was the top source for attacks targeting Asia Pacific (31%), followed by China (12%), Australia (10%), Romania (6%), and the Netherlands (4%).

The most common attack tools against APAC organisations include viruses or worms (66%), compared to 23% globally. Trojans and droppers accounted for 12% of APAC attacks, compared to 25% globally.

Other highlights from the report:

·       The technology and finance sectors account for 70% of all attacks in the Americas.  The US is a world leader in technology innovation while the finance sector collects and stores a vast amount of personal data which cyber criminals can monetise

·       Education was the most attacked sector in Australia (26%). With an open network model and collaborative environments that enable connectivity and research between students, campuses, colleges, and universities, this is a valuable target.

·       Attacks on the APAC manufacturing sector have dropped to a mere 7% (32% in 2016), because of the adoption of enhanced security governance and proactivity in raising cyber defence.