Greater Manchester Police ransomware attack another classic demo of supply chain challenges

The UK's Greater Manchester Police has admitted that crooks have got their mitts on some of its data after a third-party supplier responsible for ID badges was attacked.
Assistant Chief Constable Colin McFarlane of Greater Manchester Police said: "We are aware of a ransomware attack affecting a third-party supplier of various UK organizations, including GMP, which holds some information on those employed by GMP."
Supply chain attacks are becoming increasingly prevalent, and this latest incident is a reminder to organizations that their security posture can often depend on that of their suppliers.
Caleb Mills, Professional Services director at Doherty Associates, said: "The attack exposing Greater Manchester Police Officers' personal details highlights the importance of holistically assessing an organization's cybersecurity posture - no stone must be left unturned. This is especially true because security controls, no matter how robust, can be rendered ineffective if there are vulnerabilities within the supply chain. Your security is only as strong as its weakest link."
Raj Samani, SVP and chief scientist at Rapid7, said: "The ransomware attack on Greater Manchester Police is another kick in the teeth for public services. An organization is only as secure as its weakest third-party network, and security protocols are only effective if all of their third-party providers are equally secure."
He added: "Cybercriminals are aware of this and will attempt to breach the weakest link in the chain to gain access to systems and steal highly sensitive data. The exposure of sensitive information such as the identities of undercover officers can jeopardise criminal cases, and at worst, endanger officers' lives. Therefore, it is even more important that supply chains are secured."