The Cyber Express
Top 10 Supply Chain Vulnerabilities Explained   

by Avantika Chopra
October 22, 2022
in Features, Main Story

Supply chains are a prime target of hackers, who continuously seek backdoor opportunities in firms and organizations that use the technology for their day-to-day operations. Supply chain attacks executed with malicious third-party components have increased more than 700% in the past three years, says a research report by software supply chain management company Sonatype.

For the uninitiated, a supply chain is the combined network of individuals, organizations, technologies, and resources employed in creating and selling a product.  

It comprises everything from the manufacturer’s unit to the final consumer, where a product’s journey ends. Since many parties are involved in a supply chain, threat actors use this opportunity to target them, which in turn disrupts the entire supply chain or causes great financial losses to the companies and parties involved in the process.

Supply chain attacks have always been the top cybersecurity priority for most CIOs. These attacks are initiated via backdoors with the intent to gain access to assets in multinational corporations. With thousands of vendors participating in one transaction, threat actors actively try to gain access to at least one of the components in the supply chain.

In the past five years, major corporations have been the target of supply chain hacks, and the number of such attacks continues to grow. To fight these hackers, companies must understand these top 10 supply chain vulnerabilities and address them promptly, because such an attack could have serious operational, financial, and reputational repercussions.

List of the top 10 supply chain vulnerabilities  

Cloud Security   

Cloud security is one of the latest concerns for cyber security professionals. Though the cloud offers a seamless experience for storing data and reducing the resource load significantly, it equally qualifies as a lucrative hacking target. Potential entry points for hackers include account hijacking, improper configuration, unlawful access, and vulnerable interfaces.  

All the major IT service providers are now cloud compatible, further amplifying the need to protect assets stored in the cloud. There have been several incidents in the past few months where cloud assets were exploited. The cloud will continue to influence how businesses run and to present numerous security risks and issues.

Social media  

Social media attacks are growing in number, and the trend doesn’t seem to be stopping any time soon. From being a mere photo-sharing ecosystem in 2010 to being a full-fledged business, social media has come a long way and continues to evolve into a monetization platform for businesses, individuals, teams, artists, entrepreneurs, and SMEs.

Multiple data breaches have exposed social networking sites’ vulnerabilities, and users’ careless security practices have been blamed for breaches of the most secure social media platforms. These platforms are slowly and steadily becoming the preferred targets of cyberattacks. Among the available social media platforms, Meta’s Facebook has always been the target of hackers. According to a 2022 report by DataProt, 53% of Facebook messages in “hacker groups are related to hijacking credit cards.”

PDFs  

Created initially as a file format for presenting documents, PDF files can be used across different platforms, enabling attackers to mask malware behind the document. These files make an alluring phishing vehicle because their plausible appearance tricks users better than the standard text-based email with a direct link to malicious websites.

Unlike many phishing scams, such as email fraud and SMS forwarding, PDF hacks frequently don’t ask you to click on a link to provide information. In particular, a potential victim might mistake malware for a bank statement PDF or something else that usually doesn’t harm users. Since users are less likely to suspect a scam, scammers exploit this opportunity and deploy the malware into the system by hiding the malicious files behind the PDF icon.

Databases 

In the modern world, data is considered gold, and who doesn’t want to get their hands on gold? Like corporations, which actively use data to deploy targeted marketing, hackers can also deploy malware and other malicious code using the same methodology.

The recent data leaks from IRS, BidenCash, and Toyota are just a few examples of how data leaks can impact an organization. A data leak has several serious consequences, sometimes breaking the entire corporation and violating the privacy laws that protect end consumers.

According to online sources, data leaks can be carried out by deploying malware into systems and by using social engineering tactics to steal login credentials.

Human error   

One of the main reasons for data breaches is employee error. Hackers will always target organizations, and human mistakes allow these hackers to access the inventory and resources of a company. Careless staff members’ activities may result in numerous distinct infractions of legal requirements.  

In a cybersecurity context, human error means unintentional actions, or lack of action, by employees and users that cause, spread or allow a security breach to occur. Some of the best-known human errors that become the critical point in a data breach include employing weak passwords, careless handling of data, inadequate software security protocols, lack of cyber security awareness, and ineffective data access management.

SMS  

SMS remains a vital point in supply chain attacks because One Time Passwords (OTP) still rely on phone messages. Many eCommerce brands use SMS to inform customers about their orders. However, hackers also use SMS to launch phishing campaigns. In a standard SMS phishing attack, the threat actor first sends a text message to a user.  

The message body usually contains a fraudulent link. Once the user clicks on that link, they are immediately redirected to malicious websites that often mimic a reputable website to lure the victims. However, these hackers are not limited to targeting the end consumer, because there have been cases where they targeted manufacturers and suppliers directly.

IoT devices  

According to sources, the Internet of Things (IoT) device market is expected to reach $1.1 trillion by 2026. These devices include everything from daily-use items to complex devices, such as smartphones, modems, smart watches, smart alarm clocks, routers, and security systems employed by an organization.

Since IoT technology is so widely used, both in consumer products and in organizational devices, there are significant cybersecurity risks, particularly in the supply chain. IoT devices encounter 5,200 attacks on average per month, according to Symantec, and with IoT technology expanding almost exponentially, there is a vast attack surface for fraudsters to exploit.

No penetration testing   

Penetration testing is one of the best methods to check the security of a company or network. A penetration test (pen test) is an authorized simulated attack used to assess a system’s security and its mitigations against actual attacks by hackers. To identify and illustrate the economic effects of a company’s vulnerabilities, penetration testers employ the same tools, strategies, and procedures as attackers.

To be as secure as possible, a corporation’s network of systems needs to have its flaws revealed. One of the best ways to identify potential weaknesses in a system is through a penetration test. This may apply to a local service, a cloud database, or any other type of technology. However, neglecting these tests can weaken the overall security of the entire organization, which can lead to a supply chain break.

Phishing  

Phishing is a popular method used by attackers to trick users into revealing information. The process is flexible in its approach, as hackers can use phishing emails, SMS, calls, push notifications, and other forms of contacting the victims.

In a standard phishing attack, hackers lure victims into clicking a link that downloads malware or takes them to a dubious website (usually via email or text). Sources claim that phishing attacks accounted for one out of every 4,200 emails sent last year and are expected to rise even more this year. 

They account for more than 80% of reported security issues. One in every thirteen web requests, according to Symantec, results in a virus attack, while phishing attacks are thought to cost $17,700 each minute. 

Ransomware  

Ransomware attacks pose a serious risk to businesses with vast supply chains. They are becoming more common in nations with high numbers of eCommerce companies that rely mostly on the internet for their services.

According to Symantec, the US thus tops the list with 18.2% of all ransomware attacks. The average ransom in 2021 was $111,605 and is expected to grow ever larger.  An analysis of the reported attacks shows that ransomware gang members usually target five key industries that use the supply chain for their operations: education (15%), municipalities (12%), healthcare (12%), infrastructure (8%), and finance (6%). 

Avantika Chopra

Senior Sub-Editor, The Cyber Express
