Aussie businesses' supply chains compromised by ransomware
Cybersecurity firm Trend Micro has announced new research that reveals Australian organisations are increasingly at risk of ransomware compromise via their extensive supply chains.
According to Trend Micro, over the past two years, cyber has come to dominate boardroom risk calculations, with ransomware unquestionably the pre-eminent concern of IT and business leaders.
One analysis reveals a 105% surge in ransomware last year, with hundreds of millions of attacks detected. That's due in no small part to a surge in threats during the pandemic, which capitalised on digital investments and home working.
"The corporate attack surface is also increasingly distributed – across an extensive supply chain that spans cloud and software providers, professional services firms and other connected entities," Trend Micro says.
"Each one of these may have privileged network access or store sensitive information belonging to client organisations. Each one therefore represents a potential security risk which must be addressed. Yet too often supply chains are nebulous and ill-defined, with controls applied in a reactive and haphazard manner, if at all. This must change."
Trend Micro commissioned Sapio Research in May and June 2022 to poll 106 IT decision makers across Australia. The research revealed that some 68% of Australian IT leaders believe their partners and customers are making their own organisation a more attractive ransomware target.
The challenge is particularly acute considering that potentially less well-secured small and medium businesses make up a significant portion of the supply chain for more than half (53%) of these organisations.
A year ago, a sophisticated attack on a provider of IT management software led to the compromise of scores of managed service providers and thousands of downstream customers. Yet, according to the research, only 45% of Australian organisations share knowledge about ransomware attacks with their suppliers. Additionally, 25% said they do not share potentially useful threat information with partners.
Trend Micro says this could be because organisations do not have information to share in the first place. Detection rates were worryingly low for ransomware activities including:
- Ransomware malware (69%)
- Legitimate tooling, e.g. PsExec, Cobalt Strike (60%)
- Data exfiltration (55%)
- Initial access (53%)
- Lateral movement (33%)
"We found that 48% of Australian organisations have had a supply chain organisation hit by ransomware, potentially putting their own systems at risk of compromise," says Mick McCluney, Technical Director at Trend Micro Australia and New Zealand.
"But many are not taking steps to improve partner cybersecurity. The first step towards mitigating these risks must be enhanced visibility into and control over the expanding digital attack surface," he says.
McCluney says the supply chain can also be exploited by attackers to gain leverage over their targets. Among organisations that had experienced a ransomware attack in the past three years, 72% said their attackers contacted customers and/or partners about the breach to force payment, the report shows.