The critical importance of cyber and data security protections across supply chain systems and Cloud applications landscapes was once again reinforced by a recent U.S. FBI warning of ongoing attacks specifically targeting supply chain software technology companies.
In this Supply Chain Matters blog, we once again highlight this ongoing threat and share insights received from an interview with a cyber security expert.
In both our 2019 and this year’s 2020 Predictions for Industry and Global Supply Chains (available for complimentary downloading on our Research Center page), we were compelled to include a prediction indicating that proactive cyber and data security defenses and safeguarding remain mandatory. We further indicated that with the increased adoption of Cloud and B2B supply chain platform-based applications among various supply chain management technology landscapes, defenses now include any technology provider’s platforms and applications. Services contracts for third-party platforms need to include provisions for active application and data security measures and safeguarding, along with defined security audits.
Recently, ZDNet reported that the U.S. Federal Bureau of Investigation (FBI), part of the Department of Justice, issued a security alert to the U.S. private sector about an ongoing hacking effort that is specifically targeting supply chain software providers.
The effort involves use of the Kwampirs malware to gain remote access to a system in order to identify a victim’s strategic partners and/or customers, including those possibly supporting Industrial Control Systems.
This same malware has been implicated in prior attacks against companies in the healthcare, energy and financial industry sectors.
An Expert’s View
To gain some added insights and expert perspectives, this Editor had the opportunity to recently speak with Elad Shapira, Head of Research at Panorays, an automated third-party cybersecurity technology provider.
Shapira initially indicated:
“It’s concerning, but not altogether surprising, that according to the FBI, the Kwampirs malware is being used against supply chain software companies. Kwampirs is a backdoor Trojan that provides attackers with remote access to a compromised computer. Once inside a victim’s network, the malware propagates aggressively, such as by copying itself over network shares.”
He further noted:
“We have seen that malicious actors will use anything in their arsenal to gain access to organizations’ data, and often, the best way to achieve this is by targeting the supply chain partners to which organizations are connected. For this reason, the FBI warning about the Kwampirs malware is just one more wake-up call for organizations to put processes in place to thoroughly assess and continuously monitor the security of their supply chain partners.”
In our continued interview, I asked how significant this threat was. Shapira’s response was that while it is not that severe, it is the context of a potential attack that should be considered, including the specific industry impacted.
Observing what hackers are really searching for, Shapira indicated that hackers hit as many targets as possible to ascertain specifically what data of value they can obtain. In the supply chain management analogy, it’s the equivalent of determining the weakest link in the chain, and then exploiting that weakness.
As to whether businesses that utilize behind-the-firewall or Cloud-based supply chain management applications should be concerned, the response was a definite yes.
Shapira observed that when he and Panorays teams engage on supply chain management focused vulnerabilities, they often find no single point of organizational accountability for cyber security ownership measures, and no answer to basic questions such as how many total suppliers the organization really has and what access these suppliers have to information about the customer. The answers sometimes revert to determining which suppliers are actually being invoiced and paid, and that can sometimes provide internal surprises. One cited example was an unnamed casino company where a cyber hack was traced to vulnerable access through an aquarium services provider’s login credentials. He stressed that it is rather important for supply chain management teams to be able to identify the most critical suppliers, not only in monetary terms, but also in critical information security or mitigation dimensions.
A published Panorays blog observes that some companies may believe that a well-known vendor is likely to be secure, or that a smaller supplier’s risk level can be deemed low or average, and that both beliefs may be mistaken. In other words, vendors and suppliers of all sizes can be vulnerable to attacks. Some may be supported by very old software and networks that lack up-to-date cyber and data security tools.
When professional cybersecurity teams are asked to respond to and neutralize an actual attack, having to spend precious time determining the supply chain’s profile of critical information lengthens the effective response time, whereas if all of this information is readily known, teams can quickly probe for the vulnerability point.
Our takeaway for readers is to heed the warnings and counsel of cybersecurity professionals, especially when their advice points directly to the industry supply chain management applications and IT infrastructure landscapes.
© Copyright 2020, The Ferrari Consulting and Research Group and the Supply Chain Matters® blog. All rights reserved.