It was a painful wake-up call.
On July 2, numerous managed service providers (MSPs) and their customers reported being victims of the REvil ransomware. Soon, it was learned that the attackers had leveraged a vulnerability in a remote monitoring and management solution from Kaseya. Within days it was reported that not only were dozens of Kaseya’s direct customers impacted, so were between 800 and 1,500 downstream businesses.
Supply chain attacks are far from hypothetical, and the news headlines continue to provide business leaders with reminders of that fact. For threat actors, the ecosystem of third-party vendors, partners, and suppliers that extends the modern enterprise represents a growing target base. The situation has become more pressing due to the COVID-19 pandemic, which shifted the risk profile of third-party vendors and complicated the tracking of supply chain risks.
According to a recent Deloitte survey, more than half of respondents faced one or more third-party risk incidents since COVID-19 officially became a global pandemic on March 11, 2020. Of these, 13% classified the incidents as “high impact” and said they compromised financial performance, impaired customer service, or seriously breached a regulation.
Manual, legacy approaches to managing third-party risks are not effective against modern threats. The sheer number of service providers, technology partners, and suppliers requires that businesses take a more automated approach rooted in web intelligence and threat investigation. At Media Sonar, we believe that when it comes to stopping threats, an ounce of prevention is worth a pound of cure. By mining the open and dark web for insights, organizations can assess the risks posed by both prospective and current partners before those risks become expensive security events.
Look before you leap
As the health crisis around COVID-19 deepened, the impact on the supply chain and third-party vendor relationships became apparent. In addition to the logistical challenges of potential labor shortages and the disruption of suppliers’ expected levels of operation, digital challenges also emerged as more users went remote and attackers looked for ways to take advantage of any security gaps. What did not change, however, was the need to vet partners and suppliers.
Managing third-party risk requires an approach that can build a digital footprint of an organization’s entire third-party ecosystem as well as any potential partners that need to be investigated. Using open-source intelligence and insights from the dark web, organizations of all sizes can detect red flags that pose a business or security risk. The Media Sonar platform uses two types of detection methods to support businesses: ad hoc and threat model searches. Threat model searches match “knowns” up with “contexts.” For example, an organization can use known information about a person, place, or brand and match it with a keyword or group of keywords considered to be of interest. Ad hoc searches, as the name implies, are more freeform. This type of search does not require known data points and instead allows organizations to explore the web to find the “knowns” from the unknown. The fluid structure of these queries also enables users to make their queries as simple or complicated as they like.
Gathering intelligence from across the deep and surface web enables businesses to answer critical questions about risk. With a solid third-party risk management program, they can assess the security and reputation of every part of their supply chain and third-party ecosystem.
Layered onto this capability are domain investigation tools. Assessing the domain attack surface is vital. Typosquat domains are used to mimic an organization’s legitimate domains, frequently for the purposes of launching malicious attacks like business email compromise scams. Identifying suspicious domains and subdomains allows organizations to understand the impact a partner will have on their risk profile. Red teams often use subdomain discovery toolkits in their investigations to discover forgotten public areas that might be exposing sensitive information about an organization’s apps, users, or technologies. Private areas, development versions of assets, and unprotected applications can all be found by auditing a comprehensive list of subdomains.
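As an added illustration of the typosquat check described above (example code written for this article, not Media Sonar's implementation), the sketch below triages domains seen in mail or proxy logs against a partner's legitimate domain. The domain names are constructed samples under reserved TLDs, and the look-alike table is a small assumed subset.

```python
# Added example: flag observed domains that resemble a partner's legitimate domain.
# All domains are constructed samples; CONFUSABLES is an assumed, partial table.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))
LEGIT = "globalmetals.example"
OBSERVED = ["globalmetals.example", "globalmetals.test", "globalrnetals.example",
            "gl0balmetals.example", "golbalmetals.example",
            "globalmetals-billing.example", "unrelated-vendor.example"]

def split_domain(domain):
    """Naive split into (label, tld); assumes a single-label TLD."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2], parts[-1]

def skeleton(label):
    """Collapse common look-alike character sequences to one canonical form."""
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label

def osa_distance(a, b):
    """Optimal string alignment distance: edits plus adjacent transpositions."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(observed, legit):
    """Return why `observed` resembles `legit`, or None if it does not."""
    (o_label, o_tld), (l_label, l_tld) = split_domain(observed), split_domain(legit)
    if (o_label, o_tld) == (l_label, l_tld):
        return None  # the legitimate domain itself
    if o_label == l_label:
        return "tld-swap"
    if skeleton(o_label) == skeleton(l_label):
        return "homoglyph"
    if osa_distance(o_label, l_label) == 1:
        return "one-edit-typo"
    if l_label in o_label:
        return "brand-with-affix"
    return None

def triage(observed_domains, legit):
    """Map each suspicious domain to the reason it was flagged."""
    return {d: r for d in observed_domains if (r := classify(d, legit))}

if __name__ == "__main__":
    for domain, reason in triage(OBSERVED, LEGIT).items():
        print(f"{domain}: {reason}")
```

Flagged domains are candidates for review, not verdicts; registration date, hosting, and mail records would normally be checked before acting on them.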
Scouring the dark web can uncover everything from stolen credentials to the presence of a supplier’s data on a ransomware extortion site. Having the ability to perform a deep, digital investigation of the reputation and security posture of third parties in an automated fashion makes the gathering and correlating of this type of vital information simpler. With the right approach, business leaders can make smarter assessments about their third-party relationships, and the risks they may be signing on for when they sign on the dotted line.