Back to Hub

Trends in Cybersecurity Risks: Will 2018 See More Indirect Supply Chain Attacks?

01/09/2018 By

Adobe Stock

2018 may be the year we see more indirect supply chain attacks and compromised industrial control systems, according to a new report from consulting firm Booz Allen Hamilton on trends in cybersecurity risks.

In “Foresights 2018,” the report authors outlined nine predictions on what may happen in the world of cybersecurity this year, from outsourced hacking to supply chain infiltration and cryptocurrency theft. We’ll look at a few of these predictions in this post.

Interlinked Supply Chains

Last September, CCleaner, a moderately popular computer software that deletes unwanted and temporary files, was compromised by hackers who sought to target technology and telecom firms that operate in the supply chains of Fortune 500 companies.

The Booz Allen report points out that the method behind the CCleaner incident could wreak serious damage if used to attack a “truly popular piece of software.” Hackers could thus use an attack against the supply chain of a small software provider as a way to infiltrate much bigger supply chains.

Crypto-Kleptocracy

North Korea denied that it was behind the massive WannaCry cyberattack of May 2017, but the country’s involvement is hardly unlikely. The rise of cryptocurrencies like bitcoin and ethereum means that countries won’t necessarily need to cooperate with the international community in order to survive financially: a potential lifeline for pariah states.

Such states might set up cryptocurrency transactions using a shell company in a neutral nation or use malware to steal cryptocurrency. Take for example the 2014 breach of Mt. Gox, a Tokyo-based bitcoin exchange that lost 850,000 bitcoins (then valued at more than $450 million), or the CoinDash breach that occurred last year (thieves made off with $7 million in Ethereum).

Manufacturers Beware

In recent years, there has been an increase in cybercriminals targeting manufacturers, and a survey conducted by the cybersecurity company Kaspersky Lab of more than 900 industrial companies revealed that 28% faced an attack in 2017, versus 20% in 2016.

The Booz Allen report suggests that “it is only a matter of time before cybercriminals realize that targeted extortion attacks against manufacturers and specifically industrial control systems (ICS) are profitable endeavors, given how integral these systems are to everything from the manufacturing process and server farms to shipping and logistics companies and agricultural systems.”

Fortunately for manufacturers, carrying out such an attack will require a degree of technical skill. Beyond simply obtaining access, cybercriminals will need to be familiar with ICS-based manufacturing operations, as well as with physical and communication processes.

A “One-Stop Shop”

A particularly worrisome prediction is the one that 2018 will see more cyberattacks that aim to compromise third-party software libraries and software development kits. These libraries can be used as a one-stop shop in the sense that one successful malware attack can then affect any application that uses the library.

The report notes that demand for these third-party libraries and software development kits is on the rise, along with the risk of cyberattacks against them. Small and medium-sized organizations that have smaller risk budgets may want to opt for closed-source software instead.

You can check out the full report for yourself here. If you want to learn more about cybersecurity and other risks from a tech solution standpoint, don’t miss Spend Matters’ Supply Risk Management and Compliance Landscape Definition and Overview.