< Back
cyberthreat news


S21sec OT Report Ransomware
10 May 2024

The Supply Chain In The Crosshairs Of Cyber-Attacks

Achieving an agile and efficient supply chain is no longer the only objective for companies. Digitalization has given rise to cyber threats entering production chains, which can take complete control of production processes, affecting everything from the manufacturing phase to the distribution phase of the product or service to the end user.

Organizations are increasingly interdependent, so they must not only protect themselves against cyber-attacks that affect their internal structure, but they must also be aware of all the agents involved in their supply chain, including their suppliers. A clear example are some of the major attacks recorded this year, directed at the communication systems of energy organizations in the US and Europe, via technology companies, according to the Threat Landscape Report 2023.

Attacks on the value chain are a type of threat that targets both hardware and software systems implemented in production systems, as well as cloud storage models. Attackers run so-called malware, a type of malicious software that is installed on equipment without the users' knowledge, taking advantage of outdated computer equipment. These programs take full control of the device to steal confidential information, extorting the victim to recover the stolen content.

Given the importance that the protection of their value chain has gained for companies - by becoming the gateway to cyberattacks - the recent European cybersecurity regulation NIS2 has established the supervision of digital service providers as its main objective, extending the scope of its application to entities that operate as service providers and communication networks. According to this directive, both private organizations and public administrations must be aware of the cybersecurity of their suppliers and oblige them to improve their cybersecurity to levels at least equivalent to their own.

There are sectors that are more exposed than others to this type of attack, such as those that provide essential services to citizens, like the health and energy sectors, which are increasingly linked to technology and digital networks. IT activity in the health sector has seen a substantial increase in the last two years, especially after the pandemic, while the energy sector has been heavily affected as a result of the war between Russia and Ukraine. The security of these infrastructures is essential to guarantee the continuity of critical services. For example, a cyber-attack on a city's power grid could lead to hospital activity being paralyzed, or traffic detection as a result of an impact on the traffic light network.

This type of attack was seen after last year's invasion of Ukraine, in which Russian hackers targeted the power grid after the Russian army's ground operation stalled, attempting to cause a blackout through the use of a wiper, a type of malware that destroys the system by deleting the data. Although the latter was neutralized by the Ukrainian authorities, cyberattacks on the country's electricity grid continue to be targeted by Russia through groups such as Sandworm, a hacktivist group linked to the Russian regime that seeks to destabilize foreign countries.

In short, the supply chain is an increasingly exploited vector for cyberattacks, and the strong dependence of the public and private sectors on their suppliers makes them a very desirable target. Given the complexity of having full control of the supply chain, organizations must continually monitor and review their cybersecurity policies, due to the rapid evolution of the threats that surround us.

If your systems are attacked, the data of millions of people could be compromised, and entire cities could be affected by the interruption of essential services. Therefore, the protection of IT, OT, cloud, and hybrid environments requires exhaustive threat monitoring through services such as Managed Detection & Response (MDR), based on automatic monitoring and response to an attack through the use of artificial intelligence.