Hackers Attacking International Suppliers

Cybercrime exploiting vulnerabilities in international supplier’s networks

There’s a saying, “Make sure everybody in your boat is rowing and not drilling holes when you’re not looking.” It’s a great analogy for some of the more recent high-profile incidents of cybercrime. While your company’s best efforts to thwart cyber attacks may be working, your suppliers may be offering up vulnerabilities that are too tempting for hackers to resist. When their systems are infiltrated, yours is also at risk.

A recent wave of attacks has a noticeably common thread within its approach to stolen information. Instead of attacking robust security head-on, the hackers targeted international suppliers. By exploiting vulnerabilities in the suppliers, they were able to access huge swaths of email and direct communication data. From there, they were able to steal login credentials and gain access to the data they really wanted. While each hack has its own unique goal, the bulk of the cybercrime was aimed at harming financial institutions, disrupting American infrastructure and stealing intellectual property.

International Cybercrime on the Rise

U.S. agencies and companies are experiencing a dramatic increase in cyber-attacks from foreign hackers. That news comes courtesy of reports from the United States government and research by FireEye. Both groups have independently confirmed that cyber-attacks from Iran and China are both on the rise. In the meantime, Russian attacks have never ebbed.

To give this more context, a string of attacks in January targeted several major businesses including Boeing, General Electric Aviation, T-Mobile and Airbus. Initially, researchers experienced difficulty identifying the source of the attacks, but later concluded that all of the attacks were part of a unified effort from Chinese hackers. Also noteworthy that during the same period, Iranian hackers were credited with stealing information from a number of United States banks and government agencies.

Increasingly Sophisticated Attacks

The fact that these attacks have been successful caught many security experts off guard as they have sophisticated cybersecurity in place. Government agencies and financial institutions, in particular, have been expecting retaliatory hacking from Iran since a new wave of sanctions hit the country. Even with that anticipation, the hackers were able to find new ways to achieve their goals.

This elevated approach to hacking and the substantial support these nefarious groups have gained offers a valuable lesson. Simply upgrading your own security systems will not always be enough to protect your data, and all this makes the 3-2-1-1 rule for backup strategy imperative. Safeguards and airgaps are necessary to create that extra ring of security between your business and other businesses that regularly interact with you. In the light of the everchanging landscape of cyber security, it’s time to evaluate your own vulnerabilities and ensure a swift plan of action is in place.