Third-party data breaches, in which attackers exploit a bug in a service provider's software to access the systems of its clients, remain a huge threat to organizations.
The AT&T data breach and the GoAnywhere zero-day exploitation showcase how cybercriminal groups gained access to hundreds of clients linked with the impacted organizations.
The GoAnywhere cyberattack affected over 130 clients, including the City of Toronto, Hitachi Energy, Rubrik, and Onex, among others. The data breach of the telecommunications giant AT&T, meanwhile, led to the exposure of over 37 million user accounts.
Third-party exploitation poses security risks to the provider's entire client network
Maintaining security against supply chain attacks due to third-party vendors has become a major concern among organizations.
Unauthorized access that leads to a third-party data breach, supply chain attack, or value-chain attack can be mitigated by maintaining security frameworks that limit access to specific data to authorized users, installing phishing email detection tools, and proactively looking for threats and vulnerabilities through red team efforts.
While companies make an effort to safeguard their own systems, a loophole in the security infrastructure of a third-party vendor can make those systems easier to breach. It has been found that over 60% of data breaches are rooted in the exploitation of vulnerabilities.
Third-party data breach due to exploitation of vulnerabilities
In 2022, over 8,000 vulnerabilities were found in the first quarter, with over 2,06,000 entries mentioned throughout the year.
A study also highlighted that 84% of companies were at elevated risk of cyberattacks due to vulnerabilities that can be easily patched with software updates.
The average gap between the publication of an exploit and the CVEs being released is 23 days. Hence, patching vulnerabilities as early as possible and updating to the latest version of the software is of critical importance.
Third-party data breaches are expected to increase in sectors that will or have upgraded to 5G networks.
Technology service providers and vendors ought to be extra cautious, as a malware-laden email opened by a single employee can allow hackers to infect connected devices.
The malware can then connect back to the command-and-control server, take further commands, exfiltrate data, encrypt data, and much more on every system it can move laterally to.
SecurityGen co-founder and CTO Dmitry Kurbatov addressed the threat posed by 5G technology and said, “This risk from third-party partners is set to increase with the growth of 5G and accompanying ecosystems of non-telco developers, service providers, and other players working together on 5G products and services.”
He further added that 5G networks, with their increased features, also connect a massive number of devices. These devices must be safeguarded from third-party data breaches and attacks by increasing security features in not just 5G products but also other evolving technological solutions.
GoAnywhere, a file-sharing service provider, was exploited to exfiltrate and leak the data of millions of users.
The 2021 cyberattack on the file-sharing provider Accellion FTA also involved compromising it to access its clients’ databases.
Hence, having a team that works towards predicting potential risks, maintaining end-point security, and proactively offering exploitation mitigation tools is the need of the hour.