Content, Content

Cybersecurity Report: Half of Organizations’ Global Supply Chains Compromised by Ransomware Attackers

Cyber Security, Phishing, E-Mail, Network Security, Computer Hacker, Cloud Computing

The supply chains of more than half of global organizations have been hit by a ransomware attack, yet less than half share intelligence about the hijacks with their suppliers or customers, a new Trend Micro report found.

In addition, nearly eight in 10 organizations believe that cyber weaknesses of their partners and customers have made them a more attractive target for ransomware attackers. But only 25% share threat information with their partners, including managed security service providers (MSSP) and managed service providers (MSP) partners.

Threat Intelligence Sharing Problematic

In a survey of more than 2,900 IT decision makers worldwide, Trend Micro found that the problem is exacerbated by less-secured small- to medium-sized businesses comprising a large portion of the supply chain for roughly half of these organizations.

The absence of threat information sharing among organizations, their supply chain customers and partners becomes even more critical when seen in the backdrop of the high profile SolarWinds and Kaseya attacks, both of which featured compromised MSPs.

Among organizations that had experienced a ransomware attack in the past three years, 67% said their attackers contacted customers and/or partners about the breach to force payment, Trend Micro said.

"Many aren't taking steps to improve partner cybersecurity,” said Bharat Mistry, Technical Director at Trend Micro. “The first step towards mitigating these risks must be enhanced visibility into and control over the expanding digital attack surface."

Low Detection Rates for Ransomware Infections

Part of the issue of poor communication may be that organizations don’t have critical information in the first place. For example, according to the study’s data, detection rates were low for ransomware infections, including:

  • Ransomware payloads (63%)
  • Legitimate tooling e.g., PSexec, Cobalt Strike (53%)
  • Data exfiltration (49%)
  • Initial access (42%)
  • Lateral movement (31%)

Trend Micro issued a warning and call for change in it's report:

“The corporate attack surface is increasingly distributed across an extensive supply chain that spans cloud and software providers, professional services firms and other connected entities. Each one of these may have privileged network access or store sensitive information belonging to client organizations. Each one therefore represents a potential security risk which must be addressed. Yet too often supply chains are nebulous and ill-defined, with controls applied in a reactive and haphazard manner, if at all. This must change.”

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.