Trend Micro have announced new research today that reveals Australian organisations are increasingly at risk of ransomware compromise via their extensive supply chains.
Trend Micro commissioned Sapio Research in May and June 2022 to poll 106 IT decision makers across Australia. The research revealed that 68% of Australian IT leaders believe their partners and customers are making their own organisation a more attractive ransomware target. The challenge is particularly acute considering that potentially less well-secured server message blocks (SMBs) make up a “significant” portion of the supply chain for over half (53%) of these organisations.
A year ago, a sophisticated attack on a provider of IT management software led to the compromise of scores of MSPs and thousands of downstream customers. Yet only 45% of Australian organisations share knowledge about ransomware attacks with their suppliers. Additionally, 25% said they don’t share potentially useful threat information with partners.
This could be because organisations don’t have information to share in the first place. Detection rates were worryingly low for ransomware activities including:
- Ransomware malware (69%)
- Legitimate tooling e.g., PSexec, Cobalt Strike (60%)
- Data exfiltration (55%)
- Initial access (53%)
- Lateral movement (33%)
“As ransomware and other cyber threats continue to evolve, the need for proactive security and risk-aware culture has never been greater. We found that 48% of Australian organisations have had a supply chain organisation hit by ransomware, potentially putting their own systems at risk of compromise”, said Mick McCluney, Technical Director, Trend Micro ANZ.
“But many aren’t taking steps to improve partner cybersecurity. The first step towards mitigating these risks must be enhanced visibility into and control over the expanding digital attack surface.”
The supply chain can also be exploited by attackers to gain leverage over their targets. Among organisations that had experienced a ransomware attack in the past three years, 72% said their attackers contacted customers and/or partners about the breach to force payment.
Supply chains are an attractive target because they can offer either a poorly defended access vector or an opportunity to multiply illicit profits by infecting many organisations through a single supplier.
“Attackers are finding holes in Australian organisations’ current defences and profiting from them. Only 26% of Australian respondents feel optimistic about tackling ransomware over the next 12 months. So it’s imperative that these entities prepare themselves in advance, so they are in the best position possible to defend against and respond to ransomware attacks across any part of the business, especially the supply chain.”
What can be done?
“There’s no silver bullet when it comes to reducing ransomware risk in the supply chain. The key is first to gain a comprehensive understanding of the supply chain itself and corresponding data flows, so that high-risk suppliers can be identified. They should be regularly audited where possible against industry baseline standards. And similar checks should be enforced before onboarding new suppliers,” said McCluney.
“Ideally, organisations should mandate the same high security standards they apply internally. Multi-factor authentication and least privileged access, network segmentation, comprehensive preventative controls, and XDR for rapid detection and response, should come near the top of any to-do list. Attack surface management (ASM) tools are also a good idea as they can help organisations understand exactly where they’re exposed.”
“Even better, source ASM and threat prevention, detection and response from the same vendor. That’s the value of Trend Micro One: which helps to eliminate the coverage gaps and high maintenance costs associated with running point solutions, while enhancing the productivity of security teams. Finally, don’t forget to share all the insight these tools generate with partners and suppliers.”
With under half of organisations sharing knowledge about ransomware attacks with their suppliers, and a quarter not sharing potentially useful threat information with partners – this lack of communication and collaboration is where the risk lies. Threat actors are past masters at collaborating to drive successful outcomes. Security leaders should take note.
