Cybersecurity agency warns of 796 attacks against business, says that hackers will attempt to reach their targets through their suppliers.
Hackers targeting business supply chains and the proliferation of destructive worms are two of the biggest cyber-threats that organisations should prepare to face in the coming year, security experts have warned.
The National Cyber Security Centre (NCSC) -- the cybersecurity arm of GCHQ -- and the National Crime Agency (NCA) have jointly produced a report on the threats cyber-attackers pose to UK business and warn that security risks are continuing to grow.
The Cyber Threat to UK Business Industry 2017-2018 report reflects on what was an extremely busy 2017 in terms of cybersecurity: in addition to needing to fight malware, espionage, and other standard cyber-threats, the UK had to counter the global WannaCry ransomware outbreak after it took some of the National Health Service offline.
The report states that between October 2016 and the end of 2017, the NCSC recorded 34 significant cyber-attacks -- those which required a cross-government response -- while a further 762 less serious incidents, typically restricted to one organisation, were also recorded.
However, there's one area which the NCSC and NCA have outlined as a threat to organisations, no matter how robust their internal cybersecurity strategy is: the supply chain. "It is clear that even if an organisation has excellent cybersecurity, there can be no guarantee that the same standards are applied by contractors and third party suppliers in the supply chain. Attackers will target the most vulnerable part of a supply chain to reach their intended victim," warns the report.
The challenge with supply chain attacks is that they are often difficult to detect if they are done well, as attackers will stealthily make their way into networks, often with the aid of spear-phishing and other techniques designed to steal credentials or create backdoors.
Indeed, the report points to the success of Cloud Hopper, an advanced Chinese cyber-espionage campaign which targeted IT suppliers around the world, as an example of the threat this tactic can pose. The third parties were compromised as a stepping stone towards bigger, more lucrative targets, but still proved to be fruitful for the attackers as many were handling sensitive data.
Last year's NotPetya attack also served as a warning as to what can happen if a supplier is attacked: legitimate software used throughout Ukraine became infected with a destructive ransomware worm. But the attacks weren't limited to within Ukrainian borders -- relationships and supply chain links meant it quickly spread around the world, causing billion of dollars of damage.
Supply chain attacks don't show any sign of letting up or becoming any less damaging soon. "Criminals are highly likely to continue to exploit long-standing and well-known vulnerabilities in victim infrastructure," the report warns.
In order to prevent supply chain attacks, the NCSC and NCA recommend organisations follow the principle of 'least privilege', providing external parties with the absolute minimum access to data required while still able to operate as planned.
The Cyber UK report also covers the WannaCry and NotPetya attacks of last year, both of which were spread with the help of the worm-like capabilities of the leaked EternalBlue SMB exploit. The NCSC and NCA warn that it could only be a matter of time before another worm wreaks havoc.