latest intelligence

PRESENTED BY

Supply chain attacks fall into two main categories : email fraud and third-party software . In these attacks , cyber criminals compromise vendors or service providers in order to attack their customers and partners . Initial supplier compromise is often by phishing or malware . Once inside a supplier system , attackers can impersonate email accounts to initiate phishing , invoicing fraud or other types of attack against customers . Once attackers have breached customer systems , they can steal confidential data , install ransomware or use access to trigger a further wave of phishing or email fraud attacks .

TOOLS OF THE TRADE

Supply chain threats typically involve phishing for credentials ( account takeover ), malware ( Stuxnet , NotPetya , Sunburst , Kwampirs ) and impostor threats like business email compromise ( BEC ).

TYPES

• Business email compromise ( BEC , or email fraud ). Attackers pose as someone the recipient would trust – typically a business partner , supplier or vendor . The recipient is asked to make a wire transfer , pay a fake or altered invoice , divert payroll funds or change banking details for future payments . In some email fraud schemes , the attacker may compromise the supplier ’ s actual email account to pose as the supplier and even piggyback existing email conversations .

• Software supply chain attacks . Attackers gain access to the systems of a software or managed service provider and infect future builds that are then distributed on to customers and partners . Such attacks are rare compared to the forms listed above , but they can affect multiple victims from a single breach . u

DOWNLOAD WHITEPAPERS AT : WWW . INTELLIGENTCISO . COM /

WHITEPAPERS www . intelligentciso . com

15