Category: Supply Chain

records on the dark web represented by hackers with big hats and laptops in a cartoon style
January 18, 2021

Hackers Leaked 22 Billion Records on the Dark Web in 2020

Hackers leaked over 22 million records on the Dark Web in 2020, putting your business in danger of cyberattacks. Here’s how to mitigate it.

Read More
December 17, 2020

Federal Nation-State Attack Shows Supply Chain Risk Danger

Every organization is in danger of cybersecurity disaster from supply chain risk. Make these moves to mitigate it quickly & cost-effectively.

Read More
student data breach danger represented by a computer screen reading elearning
August 20, 2020

Student Data Breach Danger Also Impacts Businesses

Student data breach danger is growing. So how does a breach like that impact your business? Here are 3 major hazards, and 3 ways to eliminate them.

Read More
third party data breach represented by a burglar reaching through several computer screens to steal data.
July 17, 2020

How Dangerous is a Third Party Data Breach in 2020?

Companies can control their own cybersecurity, but not a business partner’s. How dangerous is a third party data breach?

Read More
April 18, 2019

The Wipro Breach: A Demonstration of Third-party and Supply Chain Risk

Advanced phishing and supply chain vulnerabilities – these seem to be the successful attack vectors that hackers have used to compromise Wipro, an Indian multinational corporation that provides information technology, consulting and business process services. Notable security researcher, Brian Krebs, reports confirmation that a nation-state actor had been inside the company’s systems for months, identifying opportunities to attack its vast customer base – currently, at least a dozen of the firm’s clients have been targeted as a direct result of this breach. Additional sources have claimed that Wipro’s corporate e-mail system had also been compromised for some time, forcing the company to build out a new private system. Who’s the Bad Guy? While the attack has not been attributed to a specific group, security researchers note that it bears a resemblance to those launched by the Chinese hacking group APT10 – almost always beginning with a phishing campaign targeted against a third-party partner. The group has a demonstrated history of attacking Managed Service Providers in order to gain access to a larger swath of targets. Last year, the Australian Cyber Security Center blamed APT10 for attacks on at least nine global service providers, and the UK’s National Cyber Security Centre said it is aware of malicious activity currently affecting UK organizations across a broad range of sectors. Takeaways The Wipro breach seems to be a textbook case of exactly how not to handle a breach. Refusal to acknowledge and inconsistencies in what they will acknowledge have done nothing but increase not only confusion in reporting on the incident, but also mistrust in the company. Additionally, it highlights how critical it is that organizations properly protect their assets and address the vulnerabilities inherent to human error. Companies must extend beyond robust network security and incorporate systematic employee training, supply chain security assessment and ongoing monitoring, and third-party security, among other methods of defense. Last October, the FBI warned Managed Service Providers about the increasing occurrence of Chinese hacking groups targeting them specifically. MSPs have unparalleled access to their clients’ networks, so compromising an MSP can give these groups direct access into dozens, hundreds, or even thousands of businesses and their client data. The number one way attackers penetrate networks is with stolen credentials, according to the alert. ID Agent provides a robust suite of services to address the risks highlighted in the Wipro breach. BullPhish ID™ delivers security awareness training and phishing simulations created specifically to help employees recognize and avoid phishing traps like those used to infiltrate Wipro’s systems. Dark Web ID™ monitors the dark web for employee and supply chain credential exposure, which most often results from using those credentials on third-party websites. SpotLight ID™ provides comprehensive personal identity protection and restoration services for employees and customers, mitigating risk and providing peace of mind.

Read More
August 03, 2017

NotPetya – a Threat to Supply Chains

Ukraine is a nation under digital siege. Over the past few months, it has suffered through four widespread infrastructure attacks, with the Russian government being suspected as the driving force behind the attacks — although to date, there’s no clear evidence of this.

Read More
April 13, 2017

Are You Protected if Your Supply Chain Gets Hacked?

In today’s world, it’s not uncommon for organization’s to have some type of system in place to protect themselves from a potential data breach. Many use secure password protocols, two factor authentication logins and even invest in cyber education for their employees to minimize the possibility of insider breaches.

Read More

Please fill in the form below to subscribe to our blog