Story image

Cybercriminals make a meal of weakened supply chains

22 May 2018

Ransomware attacks and other cyber threats are targeting the supply chain in greater numbers.

Key takeaways from Dimension Data’s  Executive Guide to the NTT Security 2018 Global Threat Intelligence Report put the spotlight on the business and professional services supply chain, which is now a target for trade secrets and intellectual property theft.

The business and professional services sector was hit by 10% of global ransomware attacks and was the third most targeted industry worldwide.

While ransomware attacks themselves increased 350% in 2017, they only account for 7% of total malware. 75% of ransomware was either Locky or WannaCry.

The finance sector was ranked the number one target for cybercriminals who carry out reconnaissance and look for weak spots in an organisation's infrastructure.

The report says that the technology sector was the second most cyber-attacked industry in 2017, accounting for 19% of attacks..

In Asia Pacific, Attacks against the finance sector decreased from 46% in 2016 to 26% in 2017, but it remained the most attacked sector. This was caused by service-specific attacks.

“There are numerous moving parts to supply chains and outsourcing companies, which often run on disparate and out-dated network infrastructures, making them easy prey to cyber threat actors,” comments Dimension Data’s Group CTO for cybersecurity, Mark Thomas.

“Service providers and outsourcers are also a prime target, due to their trade secrets and intellectual property. Businesses need to wise-up to the very real threats against them, and ensure all aspects of their operations are robustly and securely protected.”

Across Asia Pacific, 2017 also brought twice the amount of attacks against the education sector compared to 2016 – a jump from 9% to 18%.

According to Dimension Data Australia director of cybersecurity John Karabin, attackers are looking for student records and other personally identifiable information because they are of great value to cybercriminals.

The United States was the top source for attacks targeting Asia Pacific (31%), followed by China (12%), Australia (10%), Romania (6%), and the Netherlands (4%).

The most common attack tools against APAC organisations include viruses or worms (66%), compared to 23% globally. Trojans and droppers accounted for 12% of APAC attacks, compared to 25% globally.

Other highlights from the report:

·       The technology and finance sectors account for 70% of all attacks in the Americas.  The US is a world leader in technology innovation while the finance sector collects and stores a vast amount of personal data which cyber criminals can monetise

·       Education was the most attacked sector in Australia (26%). With an open network model and collaborative environments that enable connectivity and research between students, campuses, colleges, and universities, this is a valuable target.

·       Attacks on the APAC manufacturing sector have dropped to a mere 7% (32% in 2016), because of the adoption of enhanced security governance and proactivity in raising cyber defence.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.