Cyberattacks Take Further Advantage of Supply Chain Vulnerabilities



What were the major trends in global cyberspace during 2017? According to a report by Clear Sky Cyber Security, the main attacks were perpetrated by organized crime groups and state actors, with Russia being the main state assailant. During the year, cyberattacks were aimed at changing public opinion and harming democracy, elections and public opinion polls. A cyberattack does not consist merely of malware and attacks on computer systems; it can also involve tens of thousands of forged social media profiles and a constant attempt to change public opinion and influence political processes.

Among the main examples were the imposition of fear and deterrence in Ukraine, influence over the US election results, an attempt to change the election results in France, and influence over the British public around Brexit.

The Eggshell Security model has collapsed. The model calls for investing in enhanced security measures at the organization’s “borders” while leaving the heart of the organization unsecured. This cost companies billions of dollars in damage.

Tens of thousands of computers stopped working this year as a result of widespread cyberattacks, and that is what raised the awareness of company managements all over the globe to cyber threats.

A significant increase was registered in successful attacks through the supply chain.

Attacks immediately took advantage of day 1 vulnerabilities during 2017, proving that all hackers have to do in order to harm an organization is follow publications regarding new vulnerabilities and take advantage of the time period between publication and the application of the security patch or update. The WannaCry attack was an example of this tactic.

The financial sector has become a major target for experienced hackers (both state and crime actors). Main banking systems such as SWIFT and ATM have become a preferred target for cyberattacks, mainly at banks in Eastern Europe and the Far East.

Stock exchange institutions and cryptocurrency have also become a preferred target; between dozens to millions of dollars were stolen in this arena during 2017.

The major actors in cyberspace were Russian assailants, both as state cyber warfare units and as criminal cyber groups. The main Russian criminal groups did not focus on Israeli companies during the year.

The most significant attack was Petya/NotPetya against Ukraine in June 2017, apparently by Russian attack units. It caused the largest economic damage ever registered as a result of a single attack, damage evaluated by the companies at $2.1 billion.

Regarding Israel, the report forecasts an increase in activity by international criminal actors within the Israeli cyberspace, and that new criminal actors will enter the arena. State assailants that are active against Israel will adopt additional vectors, yet their operational capabilities will be much weaker than those in the hands of criminal actors.

The report recommends the following measures:

  • Increase inter-organizational security to a more holistic model.
  • Separate networks and disconnect core systems from the internet.
  • Establish an emergency array that will enable the company to survive for 1-3 months following a devastating cyberattack.
  • Minimize the time period between the publication of a vulnerability patch and its actual implementation.
  • Raise workers' awareness of the attack vectors, with an emphasis on social engineering techniques and major campaigns.