Cyber criminals ramped up attacks on supply chains last year, with incidents rising by 200%, according to a new report.
The report by Symantec stated that: “Despite the EternalBlue exploit wreaking havoc in 2017, the reality is that vulnerabilities are becoming increasingly difficult for attackers to identify and exploit.”
However, in response to this, Symantec said it has seen evidence of an increase in attackers injecting malware implants into the supply chain to infiltrate unsuspecting organisations, with a 200% increase in these attacks—one every month of 2017 as compared to four attacks annually in years prior.
The report went on: “Hijacking software updates provides attackers with an entry point for compromising well-protected targets, or to target a specific region or sector. The Petya/NotPetya (Ransom.Petya) outbreak was the most notable example.
“After exploiting Ukrainian accounting software as the point of entry, Petya/ NotPetya used a variety of methods, spreading across corporate networks to deploy the attackers’ malicious payload.”
Kevin Haley, Director of Symantec Security Response commented: “All of a sudden this is a huge issue.
“This is something organisations really need to be concerned about. It's not just some one-offs.”