No matter how robust your internal cybersecurity strategy is, your supply chain could be your weakest [and most costly] link. In a new string of targeted attacks, attackers are going after the most vulnerable part of a supply chain to reach their intended victim. This specific hacking operation, known as Tortoiseshell, targets IT providers with malware.

This is a form of supply chain attack with the ultimate goal of compromising customer organizations. The high level of access that IT companies have to client networks makes them an appealing target for hackers. It is important that your IT provider maintains a strict cybersecurity mindset to protect itself and its customers from falling victim to these attacks.

The Attack

Researchers at Symantec say the group has targeted at least 11 IT providers, most of which are based in Saudi Arabia. Evidence suggests that the attackers gained domain admin-level access to at least two of the organizations, giving them access to all machines on the network. In these two attacks, hundreds of computers were compromised with malware, indicating that the attackers were simply infecting all the machines they could throughout the organizations in order to find key targets.

There is no indication of the origin of these attacks. Compromising a web server can be a simpler approach than the alternative of using a phishing e-mail to compromise a victim. It is known that the attack was carried out by secretly opening an initial backdoor onto compromised computers, allowing attackers to collect information including the IP address, the operating system version and the computer name.

Takeaways

Although the majority of these attacks have targeted Saudi Arabian IT providers, there is no way to predict the end goal of these attackers. You must protect your organization from all angles, from advanced security tools to end-user training. It’s also important to perform due diligence on your vendors. Within the last year, supply chain attacks have increased by 78%.

Supply chain attacks are easy ways for cyber criminals to access a large amount of data in one swoop, and they eliminate the need to target multiple sources. Hackers often exploit weak links such as untrained employees and unpatched vulnerabilities. Cybersecurity awareness training will mitigate phishing attacks, and regular patching of third-party software will address known vulnerabilities.