Cybersecurity firm FireEye announced on December 08, 2020, that a sophisticated group of hackers – now believed to be Russia’s Cozy Bear group – infiltrated its network and stole attack simulation and security testing tools. The nation-state hackers gained access to FireEye through a much larger software supply chain attack on SolarWinds – a popular software solutions service provider.
According to reports, the state-sponsored hackers exploited a vulnerability in the latest update of SolarWinds’ Orion IT management software. As many as 18,000 SolarWinds customers – which include several US-based Fortune 500 companies and some agencies of the US and British governments – downloaded trojan malware hiding within the Orion software update.
The SolarWinds attack highlights “one of the most alarming trends” that the cybersecurity and cyber insurance communities are dealing with today, namely the increasing frequency and severity of attacks on managed service providers (MSPs), according to Ross Ingersoll, executive risk & cyber account executive at Holmes Murphy.
“MSPs are becoming heavily targeted. Within the last 12 months, 42% of all cyber breaches have originated at the service provider level,” said Ingersoll. “What this really speaks into is that your company could be doing everything correct, and have the right policies, procedures and security in place, but ultimately, you [could still] be at the mercy of your service providers.
“Simply put, it’s more effective for cyber criminals to attack a service provider, and go through one attack vector that might open up 40, 60, hundreds of different companies, rather than just attacking one company at a time. So, the MSPs are really under a lot of heat, and that’s had a significant ripple effect on the [supply chain].”
SolarWinds, and other similar MSP breaches, have debunked a myth that has been prevalent in the marketplace for some time. Some companies believe that if they outsource their data, or they utilize a third-party service provider, then they’ve eliminated their exposure to cyber or data liability.
“Using those outsourced providers can be a great business decision to make,” said Ingersoll, “but ultimately, the liability costs and potential reputational harm that could ultimately impact your business will still fall on your doorstep.”
One of the most significant supply chain disruption attacks in recent history involved Maersk, one of the largest shipping conglomerates in the world. In 2017, Maersk fell prey to the NotPetya ransomware attack. The initial ransomware demand, which would see the hackers unlock Maersk’s systems, was only $300. However, the shipping giant did not respond to the demand, and ultimately, its entire systems and networks were shut down for an extended period.
“The biggest fallout for Maersk was from their shipping terminals,” said Ingersoll. “They weren’t able to open their gates, so their shipping and receiving [was disrupted]. They weren’t able to let trucks into their terminals or ships into their ports to keep the supply chain moving throughout the world. This ultimately ended up lasting two weeks. That $300 ransom demand ended up costing Maersk about $300 million in supply chain disruption.
“So, the real story there is it’s not always just about your data, or even really about the ransom demands or payments that you may have to end up making. It’s about what it looks like for your business if you have customers or vendors relying on you to keep the supply chain going – not only in terms of disruption, but also the reputational harm that could follow as a result.”