Security News
Threat actors leveraged a cloud video hosting service to carry out a supply chain attack on more than 100 real estate websites operated by Sotheby's Realty that involved injecting malicious skimmers to steal sensitive personal information. "The attacker injected the skimmer JavaScript codes into video, so whenever others import the video, their websites get embedded with skimmer codes as well," Palo Alto Networks' Unit 42 researchers said in a report published this week.
As 2021 draws to a close, no one in their right mind thinks that cybersecurity risk is just someone else's problem anymore; major cybersecurity incidents like the SolarWinds breach and the Colonial Pipeline ransomware attack have raised cybersecurity awareness among public opinions and decision-makers. Supply chain attackers can take various paths to slip malicious code or components into a trusted piece of software or hardware.
This past year, the pain was felt in two significant ways: through the supply chain disruptions caused by COVID-19, and through the many security breaches that we saw in our key IT suppliers. Many organizations have been caught off guard by the pervasive and long lasting repercussions of the supply chain crunch from COVID-19, exacerbating other supply chain bottlenecks further downstream and causing headaches for consumers and missed revenue targets for major corporations.
Trend Micro released a research detailing the murky cybercrime supply chain behind much of the recent surge in ransomware attacks. "Media and corporate cybersecurity attention have been focused only on the ransomware payload when we need to focus first on mitigating the activity of initial access brokers," said David Sancho, senior threat researcher for Trend Micro.
Whether or not it was a state-sponsored venture, this attack proved to be a huge wake-up call and shone a spotlight on software supply chain attacks. Hence the emergence of one of the key growing attack vectors in 2021: the "Web supply chain attack".
Threats to the supply chain can take many forms, including malware attacks, piracy, unauthorized access to enterprise resources and data, and unintentional or maliciously injected backdoors in software source code. This means putting security at the center of the supply chain and making it a foundational element.
The software industry does not currently track the source of all code, nor does it grade the level of security standards applied in these international code factories. Establish a grading scale to rate each piece of code to more effectively determine the risk a company is inheriting from the code.
64% of survey respondents reported that their companies have concerns about security risks for supply chains. Toss in the COVID-19 pandemic and supply chain disruptions, and it's no wonder that enterprises are shifting their cybersecurity strategies.
As the 2021 holiday season approaches, supply chain and logistics, e-commerce and retail, and the travel industry see predictable increases in consumer and business activity - making them more vulnerable to cyber threats and leaving business, employee and consumer data at risk. In addition to increased consumer spending, the 2021 holiday season sees a significant impact on industries coping with the increase in consumer demands.
Imperva's 12-month analysis on cybersecurity risks in the retail industry suggests that the 2021 holiday shopping season will be further disrupted by cybercriminals looking to create chaos and take advantage of an unprecedented global supply chain crisis. Given the widespread impact of the global supply chain crisis, the impact of a single cyber-attack on a retailer in Q4 could be devastating.