Story image

Cybercriminals make a meal of weakened supply chains

22 May 18

Ransomware attacks and other cyber threats are targeting the supply chain in greater numbers.

Key takeaways from Dimension Data’s  Executive Guide to the NTT Security 2018 Global Threat Intelligence Report put the spotlight on the business and professional services supply chain, which is now a target for trade secrets and intellectual property theft.

The business and professional services sector was hit by 10% of global ransomware attacks and was the third most targeted industry worldwide.

While ransomware attacks themselves increased 350% in 2017, they only account for 7% of total malware. 75% of ransomware was either Locky or WannaCry.

The finance sector was ranked the number one target for cybercriminals who carry out reconnaissance and look for weak spots in an organisation's infrastructure.

The report says that the technology sector was the second most cyber-attacked industry in 2017, accounting for 19% of attacks..

In Asia Pacific, Attacks against the finance sector decreased from 46% in 2016 to 26% in 2017, but it remained the most attacked sector. This was caused by service-specific attacks.

“There are numerous moving parts to supply chains and outsourcing companies, which often run on disparate and out-dated network infrastructures, making them easy prey to cyber threat actors,” comments Dimension Data’s Group CTO for cybersecurity, Mark Thomas.

“Service providers and outsourcers are also a prime target, due to their trade secrets and intellectual property. Businesses need to wise-up to the very real threats against them, and ensure all aspects of their operations are robustly and securely protected.”

Across Asia Pacific, 2017 also brought twice the amount of attacks against the education sector compared to 2016 – a jump from 9% to 18%.

According to Dimension Data Australia director of cybersecurity John Karabin, attackers are looking for student records and other personally identifiable information because they are of great value to cybercriminals.

The United States was the top source for attacks targeting Asia Pacific (31%), followed by China (12%), Australia (10%), Romania (6%), and the Netherlands (4%).

The most common attack tools against APAC organisations include viruses or worms (66%), compared to 23% globally. Trojans and droppers accounted for 12% of APAC attacks, compared to 25% globally.

Other highlights from the report:

·       The technology and finance sectors account for 70% of all attacks in the Americas.  The US is a world leader in technology innovation while the finance sector collects and stores a vast amount of personal data which cyber criminals can monetise

·       Education was the most attacked sector in Australia (26%). With an open network model and collaborative environments that enable connectivity and research between students, campuses, colleges, and universities, this is a valuable target.

·       Attacks on the APAC manufacturing sector have dropped to a mere 7% (32% in 2016), because of the adoption of enhanced security governance and proactivity in raising cyber defence.

Cofense launches MSSP program to provide phishing defence for SMBs
SMBs are highly susceptible to phishing attacks, and often lack the resources necessary to stop advanced threats
Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Stepping up to sell security services in A/NZ
WatchGuard Technologies A/NZ regional director gives his top tips on how to make a move into the increasingly lucrative cybersecurity services market.