The number of “contractor compromise” cyberattacks in Russia nearly doubled in the first half of 2024. In this type of incident, attackers penetrate the network infrastructure of a large company through a vulnerability in the software of one of its IT service providers. These attacks are insidious because they allow hackers to silently infiltrate companies and remain unnoticed for a long time. Maxim Akimov, head of the cyber intelligence unit of SOC CyberART at Innostage, shared statistics on the growth of such incidents with socialbites.ca.
A contractor hit by such an attack loses confidential information, which leads to disruption of business processes and a significant loss of reputation. However, such attacks have the most serious consequences for the end customers, which are mostly large companies. As a result of the attack, they may face theft, loss of data integrity, financial losses and even the closure of operations, which may lead to bankruptcy.
“In the first half of the year, using cyber intelligence tools, we detected new critical information security (IS) incidents every month, carried out through ransomware viruses (in particular, malware used to violate the integrity of corporate data). There are precedents when attackers stay in the infrastructure for 5-7 months, gradually increasing their privileges in the system and studying the security measures used to predict the most suitable moment to launch the encryptor,” Akimov told socialbites.ca.
The expert explained that attacks through a hacked contractor can catch even large businesses with high levels of cyber protection off guard. To protect themselves, companies should grant the contractor only the minimum necessary access rights and create “buffer zones” at the points of contact between the IT infrastructures of the two companies.