Supply chain risks and ransomware
The week is nearing the end. Two topics have stood out to me the past week: Supply chain risks and ransomware.
To manage security within a supply chain
UNICRI released a report called “Technology and Security: Countering Criminal Infiltrations in the Legitimate Supply Chain”. It is an extensive report that focuses on the growing problem of managing security within a supply chain. It is important to reflect on the dependencies in your own supply chain and equally to assess your own participation in someone else’s supply chain. Can you be infiltrated to reach a victim somewhere else in the chain? It is not only large corporations that have complex supply chains; small tech companies also commonly use multiple vendors to keep costs down and scale efficiently. Cloud services are an excellent example: they have become a standard option for cutting costs in an IT environment, but they also separate a company from direct control of its IT systems, making it dependent on secure management by someone else. Supply chain risks exist everywhere, from food to precious metals, fishing, energy and many more sectors.
Ransomware can spread and propagate throughout a supply chain, and the same route is used by cyber threat actors with other intentions, for example theft or espionage. A supply chain attack affects not only the intended victim but can also cause havoc among others in the chain. We reported earlier on a ransomware attack against critical infrastructure in the USA that struck the company Colonial Pipeline, leading to a short-term fuel shortage. This week the food sector became a target. JBS USA, a part of JBS Foods, was hit with a ransomware attack. It affected its operations and customers in many countries, which has sparked fears of a surge in beef prices. As stated earlier, it is not just ransomware that can cause problems in a supply chain. The IT vendor SolarWinds was attacked in 2020 and the attack affected organisations worldwide, including NATO, the European Parliament, and the US Treasury Department. It is a textbook example of a large-scale supply chain attack.
Have a look at the UNICRI report and the articles for some early summer reading, or head over to ThreatView for more in-depth details on the ransomware and organised crime threats.