
Supply chain attacks threatening more companies

by Cybersprint News 1 Mar 2021

Organisations are constantly being targeted in new ways. Instead of direct attacks, they are increasingly falling victim to attacks via their supply chain. This is worrying, as such events are harder to detect and prevent, especially when most incidents are kept secret…

Means to an end

The Financieel Dagblad (Dutch equivalent to the Financial Times) interviewed our SVP Strategy Eward Driehuis and four other cybersecurity experts on the growing risks of supply chain attacks. Together, they explain that hackers use these third parties as the first step of their attack, as it provides them with a way into many of the connected organisations. Next, they can either move on to their intended target, or use the intel to select individual organisations.

This was also the case with the SolarWinds incident last year, and with other software suppliers such as CCleaner in 2017. Having compromised the supplier, hackers can send malicious ‘software updates’ to its clients and install ransomware to gain access and encrypt valuable data.

Cases kept confidential

Unfortunately, many of the past supply chain attacks are never shared with the public. A reason could be that the targeted supplier and organisation are unaware of the origin of the attack. Another explanation is that the information is kept secret on purpose. “There is a lot of activity,” Eward says. “However, there aren’t any exact figures as attacks often remain unreported and the people involved sign non-disclosure agreements.”

Following the article, Eward expanded on the topic on BNR news radio. Here, he elaborated on the reasons why these cases are kept confidential, and why it’s hard to determine the motives and identity of the attackers. Is it for financial gain? Or corporate espionage by nation state actors? Listen to his explanation here (in Dutch).

Frank Groenewegen from Deloitte and Matthijs Koot from Secura both argue for better information sharing between third parties, intelligence services, governments and the different organisations they are connected to. That would provide better insight into these kinds of attacks, helping to prepare for future incidents.

Read the full article


Controlling third-party risk

Unfortunately, it’s hard to defend against a supply chain attack. It’s virtually impossible to conduct a full security check on all suppliers using audits and questionnaires. These methods only provide static information and snapshot results.

Cybersprint offers control over third-party risk through your organisation’s digital footprint. These continuous and dynamic insights show which suppliers you are connected to, and if they have vulnerabilities putting both of your organisations at risk of an attack. This lets you engage in a constructive dialogue with your suppliers, strengthening the cyber-resilience for all parties.

Cybersprint nominated as one of the 10 best cybersecurity providers at Computable

Our team is proud to announce that Cybersprint is nominated for the Computable Awards 2021 in the category Security & Forensics! With our Attack Surface Management platform, we help organisations monitor their attack surface and mitigate the associated risks. We are pleased that Computable recognises our approach to helping organisations become more digitally secure.


How websites can introduce vulnerabilities unnoticed

Trouw investigated the digital security of a large number of Dutch government websites. The investigation shows that dozens of sites exhibit risks that could allow someone to get in through brute forcing. A common factor is that these sites use WordPress. But to what extent is that decisive for the risks, and what should you look out for when securing such websites?


Microsoft Exchange CVE: Ransomware attacks incoming

A new wave of ransomware attacks is incoming. The Microsoft Exchange CVEs have already been extensively leveraged by criminals, resulting in secret access paths into organisations. Now, these attacks are waiting to be weaponised. 
