As cybercriminals look for more new targets that might bear them some profit it appears that they have now shifted some focus towards infiltrating supply chains.
These attacks occur when hacking groups manage to infiltrate servers and components that companies will likely buy from third party suppliers. IT departments would presume that new equipment has not been infiltrated and happily install it onto their networks. This type of attack is now increasing, particularly evident within state-sponsored campaigns that may make it easier for cybercriminals to gain access during the production process.
Igt will come as no surprise that, due to lower costs, the majority of technology components are manufactured in China. These components are then ordered by the manufacturer and they are instructed how to add them to their own equipment. The manufacturing/purchaser configures these components to build their systems locally before sending them on to the final destination. This means that all #malicious components inserted into hardware design will, more than likely, not be detected.
There is a small chance that some groups will carry out penetration tests on new equipment installed into their infrastructure. However, the vast majority of IT professionals will take it for granted that a brand new system will not feature weak points once it is set up and all software remains updated. Sadly there is a possibility that an opening could have been created for cybercriminals to target, allowing private data to be accessed.
Occasionally, new equipment will transmit a signal to alert cybercriminals that malicious components are now operational. Once this is sent it is possible that a hacker could access data, review the network, remove data to a third-party server, download passwords, or configure more malware on other equipment. In more complex attacks, the malicious equipment could allow a state-sponsored threat actor remote management of the local system.
Anything configured on your network should be dealt with carefully until it’s validated and tested. Most system managers conduct tests on new hardware to see to it that there are no bugs or defects so that performance is at an optimal level. It is now just as important to review this hardware for any possible security issues.
Penetration testing should be completed in order to guarantee that there is no chance of malicious activity taking place after the system becomes operational. Any company installing hardware from third parties can mitigate risk by mapping the supply chain carefully. System penetration testing should also be completed to uncover unusual traffic patterns and activity on the local network. Backdoors might be present in order to transmit data back to the cybercriminals.
As the targeting of supply chains becomes more prevalent companies will have to increase their testing efforts to ensure the new hardware is safe before it is made operational within a system. TitanHQ can safeguard supply chains from cybercriminal-led.
Contact the TitanHQ team now to discover more about the cybersecurity solutions that can be added to your company’s security suite.