Particularly in the electronics supply chain, intellectual property and product designs are the lifeblood of the organization—and a potentially lucrative draw for cybercriminals. Looking for “quick bucks with minimal effort,” has put the supply chain in the crosshairs of cyber miscreants, according latest Symantec Internet Security Threat Report.
“Cybercriminals are testing and finding successful new attack strategies and then rolling them out across industries. They are escalating their efforts and maximizing their results with fewer attacks,” Matan Or-El, Co-founder and CEO of Panorays, a party of automated third-party security management solutions, told EBN.
In fact, supply chain attacks rose by 78% in 2018, compared to the previous year, Symantec found. One common attack has been dubbed living-off-the-land (LotL) attacks. LotL techniques allow attackers to hide inside legitimate processes. “For example, the use of malicious PowerShell scripts increased by 1,000% last year,” Symantec said.
Symantec blocks 115,000 malicious PowerShell scripts each month, the company said, which accounts for less than one percent of overall PowerShell usage. Unfortunately, blocking these types of threats would lead to disrupting regular business activities. Often, IT organizations need to work toward and invest in more sophisticated types of protection.
“These attacks have put pressure on the entire supply chain, especially on smaller companies that may not have the IT expertise to defend themselves,” said Or-El. “To stay on top of these dynamic cyberattacks, companies must automate continuous monitoring of the supply chain to spot holes in security before cybercriminals leverage them.”
The report analyzed data from Symantec’s Global Intelligence Network, which records events from 123 million attack sensors worldwide, blocks 142 million threats daily, and monitors threat activities in more than 157 countries, the report said.
Other highlights of the report point to more general trends that impact businesses of all types, including electronics OEMs:
- Form jacking attacks abound. Cybercriminals use fake forms to skim credit card information off of legitimate online retail sites. Symantec estimates that 10 stolen credit cards per compromised website can yield attackers up to $2.2 million per month, since single credit card numbers can demand a price tag of up $45 in underground selling forums.
- Ransomeware on the run, but not gone. For the first time since 2013, ransomware attempts are down 20% percent. Unfortunately, for enterprises, attempts actually rose 12%.
- Cryptojacking yields mixed results. Cryptocurrences have dropped precipitously, going down 90% overall in value. That led to cryptojacking attempts to fall as well—falling 52% in 2018. At the same time, a low barrier of entry and low overhead costs will continue to attract criminal attention even as they garner less results.
Take a look at the infographic below from Symantec for more of the survey results.
— Hailey Lynne McKeefry, Editor in Chief, EBN