DailyPost 2875
THIRD PARTY RELATIONSHIP EXPLOITATION
While the cyber security world’s attention remains focused on ransomware, its variants, and its delivery as a service, there are many other disturbing trends that are now becoming more and more conspicuous. Adversaries also continue to develop cloud consciousness, as cloud use increases and major businesses move to it completely for a variety of reasons. These trends are disturbing for sure, but one area that is not being talked about at the same length, or with the same intensity and alarm, is Third Party Relationship Exploitation.
The CrowdStrike 2024 Global Threat Report puts this threat at exactly the place it deserves: in 2024 it would be one of the major concerns. The attack on SolarWinds’s Orion software brought this nature of attack to centre stage in 2020. The recent Microsoft outage can also be attributed to an attack of a similar nature. The outcome of both these attacks needs no further detailing, as all the basic facts are known and available in the public domain. Third Party Relationship Exploitation should be given the attention it deserves; otherwise it will turn out to be perilous for all of us.
As per the report being quoted, this approach is finding favour with adversaries. Throughout 2023, targeted intrusion actors consistently attempted to exploit trusted relationships. This is extremely critical, as it helps them gain initial access to organisations spanning multiple verticals and regions. This type of attack scores much better compared to attacking the vendor-client relationship directly. The malicious tooling is deployed via two key techniques: 1) compromising the software supply chain, using trusted partners to spread malicious tooling, and 2) leveraging access to vendors supplying IT services.
In a hyper-connected world this problem needs to be dealt with head on; otherwise we keep swinging from pillar to post, delivering nothing. Investment in cyber security needs to be substantiated by Return on Investment (ROI), which could turn out to be a very difficult task, since security cannot have a direct return on investment. The exact opposite holds for the threat actors targeting third party relationships: they are motivated by the potential return on investment. One attack of this nature opens up a whole world of opportunities for the hacker, as a single compromised organisation leads to hundreds or thousands of follow-on targets. “These stealthy attacks can also more effectively provide an opportunity for attackers seeking to exploit a hardened end target.”
THIRD PARTY RELATIONSHIP EXPLOITATION OPENS UP A PANDORA’S BOX.
Sanjay Sahay
Have a nice evening.