The past 24 months have seen the rise of a cybercriminal favourite: supply chain attacks. And where better to attack than the supply chains of banks and other financial institutions? After all, that’s where the money is. Rather than directly attacking a bank, hackers go after a bank’s vendors, software providers or services partners. Once they’ve breached the partner, they use that access to launch attacks on banks and their clients, deploying ransomware.
The trend is accelerating. Cybercrime researchers identified 6,604 ransomware attacks worldwide in 2015, a significant year-on-year increase. Meanwhile, the number of supply chain attacks almost doubled, with hundreds of incidents claimed by threat actors targeting vendors and software providers. The confluence of these two attack models is making financial supply chain attacks a significant risk.
Banks operate in complex ecosystems. They work with payment providers, cloud providers, software vendors and IT service companies. Each of these relationships adds attack surface and financial supply chain security risk.
Why Supply Chain Attacks Are Effective Against Banks
Over the past decade, banks have invested heavily in cybersecurity. New authentication measures, combined with improved monitoring and compliance requirements, make it harder for attackers to overcome security hurdles and attack banks directly. For supply chain attackers, the focus today is on identifying less secure entry points along the supply chain.
Supply chain attacks are used against the financial industry because they give attackers access to multiple financial institutions through vendors. Cyber criminals prefer to attack a vendor that services multiple financial institutions rather than a single bank.
This leaves the financial sector vulnerable to third-party cyber security attacks. Vendors need privileged access to banking systems, including software updates, system integrations and operational platforms. Once an attacker has access to a vendor’s system, they can use it to gain access to several institutions.
Ransomware groups use this access to attack banks quickly with ransomware that locks bank systems, then demand ransom payments.
The Growing Link Between Supply Chain Attacks and Ransomware

The latest cyber threat intelligence shows ransomware groups are leveraging supply chain attacks for initial access. Over half of the supply chain incidents are related to ransomware.
In 2015, the ransomware group Qilin was one of the most active, with a significant number of known victims worldwide. Other groups continued to experiment with new attack methods, targeting vendor networks and popular enterprise systems.
One significant example was the exploitation of vulnerabilities in Oracle E-Business Suite, which affected over 118 global organizations. Some of the victims were in critical infrastructure industries, showing how cyber supply chain attacks in the financial sector can spill over into other sectors.
The rapid growth in ransomware incidents at banks demonstrates how quickly the threat can be amplified once vendors are involved.
Vendor Systems Are Growing the Threat Surface
Banks rely on extensive supply chains of technology and third-party service providers. Vendors are needed to support payment solutions, financial technologies and cloud services.
These partnerships create vendor risk for financial institutions. If a vendor is breached, it could lead to data theft or financial disruption, or even give hackers insider-level network access.
As a result, vendor risk is a central component of cybersecurity. Cybersecurity leaders are paying greater attention to third-party risk management in banking to detect risks in vendor supply chains before they are exploited.
This is driving a greater uptake of third party risk management tools that assist financial institutions in tracking vendor security and identifying new threats.
Early Signs of Supply Chain Threats
To protect against supply chain attacks, a bank needs to be able to see beyond its own network. It must know what’s happening in vendor environments, what threat groups are doing, and which vulnerabilities exist.
Banks can partner with a threat intelligence company to monitor ransomware groups targeting their vendors and scrutinise early signs of compromise.
It’s also important to have dark web monitoring services that can identify stolen credentials, bank card information, or conversations about ongoing cyber attacks. This may serve as an early indicator of upcoming attacks.
When threats arise, quick response is crucial. Digital forensics and incident response (DFIR) tools allow security analysts to investigate an attacker’s entry point and footprint, and to rapidly isolate the threat.
Mitigating Risk from Supply Chain Attacks
Mitigating the risks of supply chain attacks requires an approach that combines technology, process and vendor management.
Banks are adding security requirements to vendor procurement processes, performing supplier risk assessments and implementing continuous monitoring on third party connections. This allows them to identify issues sooner and mitigate ransomware risks.
In addition, financial institutions are focusing on secure coding and better access management for vendor systems. Restricting vendor access and monitoring vendor activity help reduce the impact of a successful attack.
As the ransomware threat landscape evolves, organizations need to secure their supply chain.
Conclusion
Recent supply chain attacks show the nature of today’s cyber threats, which exploit the financial systems that link many organizations. Financial institutions need to enhance security to protect their systems from both internal and vendor security challenges.
Banks must know their supply chain threats, because this helps them secure their operations against ransomware and other cyber threats and keeps important financial systems secure. Security teams use intelligence-based systems to monitor vendor networks because these systems help them detect threats in their early stages.
Organizations use Cyble’s third-party risk intelligence solutions to understand their supply chain hazards, which enables them to create stronger defenses against new cyber threats.

