Avast Blog_ViewPoints: The Supply Chain; aka the Hacker Food Chain

Could you be the weak link for hackers?

In December 2018, Chinese nationals Zhu Hua and Zhang Shilong were indicted by the US Department of Justice for involvement with the APT10 hacking group. The APT epithet stands for Advanced Persistent Threat. It is used to specify an elite hacking group, usually one that operates with the endorsement of, or direct employment by, a nation state. These are not run-of-the-mill cybercriminals.

One of the charges levied against Hua and Shilong was involvement in what the Justice Department called the ‘MSP Theft Campaign’. This is better known among security researchers as Cloud Hopper. Managed Service Providers (MSPs) were compromised, but they were not the primary targets – it was their customers that APT10 wished to hack. The MSPs were phished and their customers’ credentials stolen, giving the APT10 group unhindered access to the real targets via the MSPs’ authorized access details.

This type of attack is known as a ‘supply chain attack’. The true target isn’t attacked directly. Rather, its generally less well-defended supply chain – in this case the MSPs – is targeted first.

You may ask yourself, what have state-level hackers and international cyber-espionage to do with me? Possibly – but not necessarily – nothing. But it is important to understand the concept of supply chain attacks and how they could affect us. We all need to know where in the hackers’ food chain we live.

What is a supply chain?

A supply chain is a chain of dependencies in goods or services. If I shop at Wal-Mart, Wal-Mart is in my supply chain. This chain links back to the wholesalers who supply Wal-Mart, and further back to the farmers who supply the wholesalers.

In the tech world, my computer supplier is part of my supply chain – and the manufacturers who develop the parts put together by my supplier are parts of its supply chain. The same applies to software: the developer is part of my chain, and the producers of open source routines used by the developer are parts of its supply chain.

In the other direction, I am part of the supply chain for the company that employs me. That company is part of the supply chain for other companies it supplies. If I sell things, I am the supply chain for my customers.

And so it goes on. Society is a complex interaction of complex supply chains. The problem is that in today’s connected world, suppliers often have online access to the supplied.

In general, the bigger the company, the greater the attraction for hackers – but at the same time, the better it will be defended. This doesn’t happen with the smaller companies that make up the supply chain. Smaller companies are less well-defended; and individuals with their home computers are the poorest defended of all.

Without realizing it, I could be part of a supply chain that links from me to my employer, and from my employer to some of the largest – or even critical – organizations in the country.  