Top Threat Intelligence Use Cases for Third-Party Risks: Supply Chain Attacks

by rootsun
November 1, 2020

A successful third-party risk program, covering every category of third party the organization relies on, should be fed by threat intelligence. Detailed vulnerability and threat information can then be mapped onto defined attack scenarios to reconstruct likely attacker workflows. A survey by the Ponemon Institute found that 59% of organizations had experienced one or more data breaches caused by a third party, at an average remediation cost of $7.5 million.

[Figure: "Third-party incidents resulted primarily in" (chart not reproduced). Source: The 2020 Third-Party Risk Management Study, Prevalent and Shared Assessments]

There are real consequences to not getting third-party risk right.

In February 2020, Prevalent and Shared Assessments partnered to study current trends, challenges, and initiatives affecting third-party risk practitioners. Asked which types of incident originating with a third party they had experienced in the past two years, 76% of respondents reported an effect on their results, 74% reported operational problems, and 55% reported a data breach (see the chart below).

[Figure: "How many incidents of the following types have you experienced within the past two years that have originated with a third-party?" (chart not reproduced). Source: The 2020 Third-Party Risk Management Study, Prevalent and Shared Assessments]

What are the biggest cyber challenges for third-party risks?

Cyber criminals still look for the easiest, safest, and cheapest route to the weakest link. Third-party providers are attractive targets because many small and medium-sized enterprises (SMEs) lack adequate security staff, tooling, and secure processes, yet they often handle the same time-sensitive and personal information as their larger customers. Targeting a small vendor is far more cost-effective than attacking a large organization with rigorous security controls.

Spear phishing

Spear phishing is phishing aimed at specific, well-researched targets, using emails crafted to appear to come from a trusted sender.

Business email compromise (BEC) is an attack in which the attacker gains access to a business email account and uses the owner's identity to defraud the company, its employees, customers, and partners. In email account compromise (EAC), the fraudster focuses on taking over the mailbox itself and maintaining persistent access. Where no account is compromised, the attacker instead registers a lookalike address built from the target's personal data (name, address, telephone number, and so on) and spoofs the sender.

In 2019, employees of a vendor to Managed Health Services responded to phishing emails over a period of more than a month, giving attackers access to several email accounts. The attack exposed the records of 31,000 patients.

Fast phishing detection is essential for preventing fraud. CTI solutions can alert organizations to newly created phishing domains or subdomains within hours, allowing them to take precautions such as blocking the domain at the mail gateway and web proxy and warning staff and partners.

Distributed denial of service (DDoS) attacks

Today's DDoS attacks aim to disrupt a wide range of services, including email, websites, networks, and mobile systems.

In February 2020, AWS (Amazon Web Services) reported mitigating a 2.3 Tbps DDoS attack, the largest it had seen. The attack was a CLDAP (Connectionless Lightweight Directory Access Protocol) reflection: the attackers sent small queries carrying the victim's spoofed source address to insecure, Internet-exposed CLDAP servers belonging to third parties, and those servers answered the victim with responses 56 to 70 times larger than the queries.

CTI can provide preemptive protection against DDoS attacks through real-time monitoring of botnets and their activity, including the reflectors and amplifiers they abuse.
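The reflection pattern described above, as an added example that is not code from the original post, AWS, or SOCRadar: a detector run over NetFlow/IPFIX-style flow records that (a) spots a host being hit by CLDAP responses from many servers at a high bytes-per-packet ratio, and (b) finds the organization's own CLDAP responders answering Internet hosts, i.e. the case where you are the insecure third party. The flow records, prefixes, thresholds, and the 52-byte request size are constructed assumptions.

```python
"""Detect CLDAP reflection traffic in flow records.

Added example, not from the original post or from AWS or SOCRadar: a detector
for the amplification pattern described above, run over constructed
NetFlow/IPFIX-style records. The thresholds and the 52-byte request size are
assumptions; tune them against real traffic baselines.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import Dict, List

UDP = 17
CLDAP_PORT = 389
CLDAP_REQUEST_BYTES = 52     # assumed size of a spoofed rootDSE searchRequest
MIN_REFLECTORS = 3           # distinct servers answering one victim before we alert
MIN_AMPLIFICATION = 10.0     # response bytes per packet / request size

# Constructed flow records; src_ip/src_port is the responding (server) side.
FLOWS: List[Dict] = [
    # four Internet CLDAP servers answering queries the victim never sent
    {"src_ip": "198.51.100.1", "src_port": 389, "dst_ip": "203.0.113.10", "dst_port": 41000, "proto": 17, "bytes": 310000, "packets": 100},
    {"src_ip": "198.51.100.2", "src_port": 389, "dst_ip": "203.0.113.10", "dst_port": 41000, "proto": 17, "bytes": 310000, "packets": 100},
    {"src_ip": "198.51.100.3", "src_port": 389, "dst_ip": "203.0.113.10", "dst_port": 41000, "proto": 17, "bytes": 310000, "packets": 100},
    {"src_ip": "198.51.100.4", "src_port": 389, "dst_ip": "203.0.113.10", "dst_port": 41000, "proto": 17, "bytes": 310000, "packets": 100},
    # one of our own domain controllers, exposed to the Internet, joining in
    {"src_ip": "192.0.2.5", "src_port": 389, "dst_ip": "203.0.113.10", "dst_port": 41000, "proto": 17, "bytes": 3100, "packets": 1},
    # the same host answering an internal client: legitimate
    {"src_ip": "192.0.2.5", "src_port": 389, "dst_ip": "192.0.2.7", "dst_port": 52000, "proto": 17, "bytes": 120, "packets": 1},
    # a single large response to another host: too few reflectors to alert
    {"src_ip": "198.51.100.9", "src_port": 389, "dst_ip": "203.0.113.30", "dst_port": 41001, "proto": 17, "bytes": 3100, "packets": 1},
    # DNS and LDAP-over-TCP traffic that the CLDAP rule must ignore
    {"src_ip": "198.51.100.53", "src_port": 53, "dst_ip": "203.0.113.10", "dst_port": 41002, "proto": 17, "bytes": 4000, "packets": 10},
    {"src_ip": "198.51.100.20", "src_port": 389, "dst_ip": "203.0.113.10", "dst_port": 41003, "proto": 6, "bytes": 5000, "packets": 10},
]


def reflection_victims(flows: List[Dict]) -> List[Dict]:
    """Aggregate UDP flows sourced from port 389 per destination and score them."""
    per_dst = defaultdict(lambda: {"reflectors": set(), "bytes": 0, "packets": 0})
    for f in flows:
        if f["proto"] == UDP and f["src_port"] == CLDAP_PORT:
            agg = per_dst[f["dst_ip"]]
            agg["reflectors"].add(f["src_ip"])
            agg["bytes"] += f["bytes"]
            agg["packets"] += f["packets"]
    alerts = []
    for dst, agg in per_dst.items():
        avg_packet = agg["bytes"] / agg["packets"]
        amplification = avg_packet / CLDAP_REQUEST_BYTES
        if len(agg["reflectors"]) >= MIN_REFLECTORS and amplification >= MIN_AMPLIFICATION:
            alerts.append({
                "victim": dst,
                "reflectors": len(agg["reflectors"]),
                "amplification": round(amplification, 1),
                "megabits": round(agg["bytes"] * 8 / 1e6, 2),
            })
    return alerts


def exposed_reflectors(flows: List[Dict], own_prefixes: List[str]) -> List[str]:
    """Our own hosts answering CLDAP toward the Internet: we are someone else's third-party risk."""
    nets = [ip_network(p) for p in own_prefixes]

    def is_ours(ip: str) -> bool:
        return any(ip_address(ip) in n for n in nets)

    found = set()
    for f in flows:
        if (f["proto"] == UDP and f["src_port"] == CLDAP_PORT
                and is_ours(f["src_ip"]) and not is_ours(f["dst_ip"])):
            found.add(f["src_ip"])
    return sorted(found)


if __name__ == "__main__":
    for alert in reflection_victims(FLOWS):
        print("reflection target:", alert)
    print("our exposed CLDAP responders:", exposed_reflectors(FLOWS, ["192.0.2.0/24"]))
```

The victim-side rule keys on the server port rather than on volume alone, so it still fires on a small sampled slice of a multi-terabit flood; the second function is the third-party angle of the incident, because the fix for a reflector is simply not to expose UDP/389 to the Internet.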

Rogue applications

Mobile apps are now a significant component of the modern business model; for some companies the app is the whole business. Attackers create rogue applications for several reasons, such as diverting the rightful owner's revenue with a clone or stealing user data. Nearly all rogue applications unlawfully use the rightful owner's intellectual property, whether through trademark or patent infringement.

In 2017, Google removed 700,000 malicious applications from its Play store, up from roughly 400,000 the year before. RSA found that rogue apps accounted for 25% of all fraud attacks in the third quarter of 2018, down from 28% in the previous quarter.

The threat from rogue applications is worse when employees are tricked into using them. When employees feel they have not been given the IT resources they need, they often turn to unsanctioned applications or devices. CTI can help you detect fake, infected, modified, or cloned applications, and applications that abuse your brand. With CTI you can spot rogue applications that carry your organization's name as soon as they are uploaded to a marketplace, as well as mobile software released publicly under your brand without your company's permission.

Data breaches

Data breaches are among the biggest cybersecurity threats to organizations of all sizes. Much of the loss from a breach accrues after the intrusion itself, because businesses frequently do not discover that they were breached until months or even years later.

In 2016, data breaches affected over 4.2 billion records, and global spending on security technologies was expected to exceed $90 billion in 2018. Weak third-party security triggered some of the largest attacks of 2016 and of recent years.

CTI platforms continuously monitor blogs, marketplaces, and chat rooms for hints or mentions of data breaches, and notify the affected organizations once CTI analysts have investigated the claim.

Ransomware attacks

Ransomware infects computer systems, restricts users' access to the infected systems, and keeps them unavailable temporarily or indefinitely until a payment, the "ransom", is made within a specified time frame. Financial gain from ransomware attacks was reported to have reached $1 billion by the end of 2016.

VCPI provides services including IT consulting, telephony, data storage, and security to some 110 nursing homes and intensive care centers across 45 US states, managing around 80,000 computers and servers that support those facilities. In 2019, unidentified attackers deployed ransomware inside VCPI's network, encrypting the data on the hosts the company managed for its clients, and demanded roughly $14 million in Bitcoin. All of VCPI's clients were affected.

CTI supports ransomware readiness by improving preparation and defenses against this fast-growing attack vector. It helps you anticipate and deter ransomware actors by proactively reviewing, responding to, and remediating weaknesses in your programs, directing device hardening, and guiding threat hunting.

Dark web sales

The dark web is where fraud and criminal organizations operate, and it has become a hotbed of business risk. Regular search engines such as Google or Bing do not index it, and a great deal of sensitive data can be found there for a price.

In the past two to three years, over 89% of companies have experienced a troubling cyber incident involving a third party, and the average company shares confidential and critical information with 583 third parties. The dark web gives hackers a convenient way to sell such information anonymously.

Toll Group, an Australian logistics company, had data stolen from its servers, including employee names, home addresses, ages, birth dates, and payroll details such as salary, released on the dark web in May 2020. After the incident, organizations in the maritime sector began considering ending business with third-party suppliers that lack adequate cyber-security protections.

CTI uses advanced collection techniques to monitor the dark web proactively and detect leaked or stolen employee, client, or third-party vendor information belonging to a company.
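The matching step behind that monitoring, as an added example that is not code from the original post or from SOCRadar: given a credential dump scraped from a dark web forum (constructed here, with the mixed separators, case differences, junk lines and duplicates such pastes contain), it reports only the records whose email domain belongs to the organization or to a monitored vendor, and keeps the SHA-1 of the password rather than the plaintext, split into the 5-character prefix and suffix that a k-anonymity range lookup against a breach API uses. The domains `examplecorp.com` and `vendor-payroll.example` and every dump line are invented.

```python
"""Match a leaked credential dump against monitored domains.

Added example, not code from the original post or from SOCRadar: the matching
step behind dark web credential monitoring, run offline over a constructed
dump. The domains and every dump line are invented. Plaintext passwords are
discarded after hashing; the SHA-1 prefix/suffix split is the form a
k-anonymity range lookup against a breach API expects.
"""
import hashlib
import re
from typing import Dict, List, Optional, Tuple

# Assumed: your own domain and the domain of a vendor you exchange data with.
MONITORED = {"examplecorp.com": "own", "vendor-payroll.example": "third-party"}

# An email address, one of the separators dumps commonly use, then the secret.
LINE_RE = re.compile(r"^\s*([^:;,|\s@]+@[^:;,|\s@]+)\s*[:;,|]\s*(.+?)\s*$")

# Constructed dump in the shape of a forum paste.
DUMP = """\
jane.doe@examplecorp.com:Summer2020!
# pasted from a forum post, header lines are common
bob@ExampleCorp.com;hunter2
carol@payroll.vendor-payroll.example:P@ssw0rd
eve@unrelated.example:letmein
broken line without a separator
jane.doe@examplecorp.com:Summer2020!
"""


def owner(domain: str) -> Optional[Tuple[str, str]]:
    """Longest monitored suffix matching the domain, with its relationship, or None."""
    best = None
    for monitored, relationship in MONITORED.items():
        if domain == monitored or domain.endswith("." + monitored):
            if best is None or len(monitored) > len(best[0]):
                best = (monitored, relationship)
    return best


def match_dump(dump: str) -> List[Dict[str, str]]:
    """One alert per distinct leaked credential that belongs to a monitored domain."""
    alerts, seen = [], set()
    for raw in dump.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                                  # headers, chatter, malformed lines
        email, secret = m.group(1).lower(), m.group(2)
        hit = owner(email.rpartition("@")[2])
        if hit is None or (email, secret) in seen:
            continue                                  # not ours, or a repeated line
        seen.add((email, secret))
        digest = hashlib.sha1(secret.encode("utf-8")).hexdigest().upper()
        alerts.append({
            "email": email,
            "domain": hit[0],
            "relationship": hit[1],
            "sha1_prefix": digest[:5],     # the only part sent to a range API
            "sha1_suffix": digest[5:],     # compared locally against the API's answer
        })
    return alerts


if __name__ == "__main__":
    for alert in match_dump(DUMP):
        print(alert)
```

Vendor hits are labelled `third-party` so they can be routed to the vendor-management owner rather than to the internal password-reset workflow, and the longest-suffix match means a vendor's subdomains (`payroll.vendor-payroll.example`) are caught without listing each one.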

How can threat intelligence help with third-party risks?

You need a solution that reflects the real threat environment so that you can assess third-party threats effectively and in real time. Intelligence is one way a company comes to recognize shortcomings in its partners' security. This added perspective covers not only current threats but also their history, which helps identify, avoid, and address risks with more context.

To determine third-party risk, a threat intelligence solution should give you:

  • The ability to sort large volumes of data rapidly and completely
  • Timely threat warnings and vulnerability updates
  • Transparency into the vulnerability exposure of your third-party suppliers

SOCRadar helps organizations defend against supply chain attacks by providing unified threat intelligence solutions

SOCRadar's ThreatFusion provides actionable insight into emerging cybersecurity threats, with a big-data-powered threat investigation module that supports deeper context, real-time threat investigation, and analysis.

SOCRadar's RiskPrime builds on industry-leading technologies for instant phishing-domain identification, credit card monitoring, customer PII protection, and compromised-credential detection, aggregating and correlating massive numbers of data points into actionable intelligence alerts.

SOCRadar's AttackMapper provides insight and visibility into your Internet-facing assets, discovering and monitoring everything related to your organization on the Internet to bring the full scale of your attack surface into focus.

Discover SOCRadar® Community Edition for free

With SOCRadar® Community Edition, you’ll be able to:

  • Discover your unknown hacker-exposed assets
  • Check whether your IP addresses are tagged as malicious
  • Monitor your domain name on hacked websites and phishing databases
  • Get notified when a critical zero-day vulnerability is disclosed

Free for 12 months for 1 corporate domain and 100 auto-discovered digital assets.