NCSC: Attackers compromised channel providers’ software updates in 2017
Hackers are targeting supply chain firms to gain access to commercially sensitive data from them and their customers, according to the UK’s National Cyber Security Centre (NCSC).
A large number of managed service providers (MSPs) were subject to such cyber attacks in 2017, according to the joint report by the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA), which warned channel partners and their customers to take steps to defend against similar attacks this year.
The report, titled ‘The cyber threat to UK businesses 2017-2018’, explained how such attacks, including the compromise of a large number of MSPs, are normally designed to breach confidentiality and integrity, but may also be designed to affect availability, through methods such as supplying defective equipment.
Further opportunities for threat actors to interfere with the supply chain may also be afforded by inserting bugs into hardware and software updates for contracts where partners are responsible for the ongoing servicing of hardware or software.
The report warned: “When done well, supply chain compromises are extremely difficult (and sometimes impossible) to detect.
“Network monitoring can detect unusual or suspicious behaviour, but it is still difficult to ascertain whether a security flaw has been deliberately introduced (possibly as a backdoor) or results from a careless error on the part of developers or manufacturers – or indeed to prove that any potential access has been exploited. Services of almost any sort can be affected, particularly if they involve electronic connectivity or data import.”
Significant examples cited include two software companies, MeDoc and CCleaner, which were compromised at source, leading to their customers being infected with malware when downloading the software or any updates.
The report also recommended a series of measures that businesses and supply chain partners should take to mitigate the risk of such hacking.
It recommends understanding what needs to be protected and why, as well as understanding the security risk, setting minimum security requirements for partners and raising awareness of security within the supply chain, as well as advising partners to meet their security responsibilities and offer support for security incidents.
UK businesses’ cyber threat risk is “bigger than ever”, the NCSC said, and the report revealed there had been 34 significant attacks – defined as attacks that require a cross-government response – between October 2016 and the end of 2017, with 762 less severe attacks across this period.
Other major incidents comprised ransomware and distributed denial of service (DDoS) attacks, massive data breaches, as well as fake news and information operations, while the report also threw the spotlight on emerging threats such as crypto-jacking.
Verizon also released its 11th annual Data Breach Investigations Report today, which highlighted ransomware as the most commonly seen form of malware over the course of 2017, up from fourth place the previous year, with ransomware infections increasingly affecting business-critical systems rather than just desktops.
This, however, is in contrast with Malwarebytes’ latest quarterly cybercrime report, which outlined that while ransomware detections were up 28% between January and