
Global companies say supply chain partners expose them to ransomware


Global organizations say they are increasingly at risk of ransomware compromise via their extensive supply chains. 

Out of 2,958 IT decision makers across 26 countries in North and South America, Europe, and APAC, 79% believe their partners and customers are making their organization a more attractive ransomware target, according to the latest research by Trend Micro. 

Fifty-two percent of the global organizations surveyed say they have a supply chain partner that has been hit by ransomware. Supply chain and other partners include providers of IT hardware, software and services, open-source code repositories, and non-digital suppliers ranging from law firms and accountants to building maintenance providers. They make for a web of interdependent organizations. 

“Supply chains are an attractive target because they can offer either a poorly defended access vector and/or an opportunity to multiply illicit profits by infecting many organizations through a single supplier,” the research report notes. 

An example of this is the compromise of IT management software provider Kaseya in 2021. Through a sophisticated attack, hackers exploited an internal software vulnerability to push out malicious updates to its managed service provider customers. They in turn infected downstream customers with ransomware. An estimated 1,500-2,000 organisations were impacted.

Another example is the Log4j vulnerability, which left supply chains struggling to keep track of and patch flaws. Firms are still facing problems because complex software dependencies leave them unable to comprehensively locate the presence of Log4j across their systems, according to the Trend Micro research.

Copyright © 2022 IDG Communications, Inc.
