Third-Party Risk: How MDR Offers Relief as Security Threats Abound

While third-party products and services are crucial to everyday business operations for almost any company, they also present significant security concerns, as high-profile attacks including SolarWinds and MOVEit laid bare. Trustwave research shows the attacks vary by industry but also makes clear the best defense is the stringent application of the latest security measures, including penetration tests, vulnerability scans, and managed detection and response (MDR) services.

A series of recent reports by Trustwave’s SpiderLabs team examined the threat landscape in vertical industries, including financial services, hospitality, manufacturing, retail, and education. Trustwave SpiderLabs has hundreds of security professionals working worldwide, with deep experience across security disciplines, including original threat research. Simply put, they are on top of the latest global threats.

A quick look at the third-party threats Trustwave SpiderLabs has observed in various vertical industries is enough to get a sense of the problem's scope.

Financial services: The report noted a sharp rise in successful attacks from third-party software and services, including high-profile, supplier-based attack vectors like SolarWinds, 3CX, and MOVEit.

“These attacks can be considered a flanking maneuver because they target the ‘weak side’ of an organization,” the report said. “Through this approach, attackers can access the targeted company’s data and infrastructure even though the company itself may have a relatively high security maturity.”

The ransomware group Clop has been "heavily associated" with the MOVEit file transfer software vulnerability, the report says: “We have seen hundreds of organizations impacted by this vulnerability, leading to successful breaches. Notable financial services organizations have already publicly reported being affected, including large, well-funded institutions like Deutsche Bank, ING Bank, Charles Schwab and TD Ameritrade, among others.”

Manufacturing: Supply chains, a fundamental component of the manufacturing industry, rely on interdependence. That means a disruption within any part of the chain can trigger substantial downtime across the entire production spectrum. For example, a 2022 ransomware attack against a major supplier led a large Japanese automaker to partially take down its manufacturing processes.

Calling it "one of the most significant supply chain attacks worldwide,” the Trustwave manufacturing report said the downtime caused a five percent drop in the company's production.

Retail: The retail industry similarly relies on third-party vendors for services, including point-of-sale systems (POS), payment processing, supply chain management, and customer relationship management. As the Trustwave Retail Sector Threat Landscape report states: “Point of Sale (POS) systems are a prime target for cybercriminals, as they contain sensitive customer data such as credit card numbers. If a POS system is compromised, criminals could steal and use this data to commit fraud.”

Payment processors are also a target. If compromised, “criminals could steal money from retail businesses or their customers,” the report said.

 

How to mitigate vertical cyber threats

Most of these threats are not unique to a given vertical. The hospitality industry, for example, faces many of the same threats as retail because both rely on POS systems, payment processing, CRM, and more. The MOVEit vulnerability was a factor in numerous industries, including not just financial services but retail, hospitality, and education.

The SpiderLabs team offered specific measures to mitigate third-party risks for each vertical. Some that can apply to almost any vertical include:

  • Recognize that the security of the ecosystem is dependent on the strength of its weakest link.
  • Ensure systems are protected by the latest security measures by conducting regular penetration tests and vulnerability scans.
  • Maintain an inventory management system for all software, including vendor-developed software components, operating systems, versions, and model numbers.
  • Implement a routine vulnerability scan before installing new applications, devices, or technology in the IT environment.
  • Know your supply chain. Inventory all critical suppliers and perform security due diligence regularly.
  • Regularly apply software and firmware patches to address known vulnerabilities and reduce the risk of exploitation, including for operational technology software where applicable.
  • Ensure third-party vendor contracts have strict cybersecurity clauses. Such clauses could include mandating regular security audits, immediate breach notification, and compliance with pertinent data protection regulations.
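The inventory and patching items above are only useful if the inventory is actually compared against vendor advisories. The following is an added example, not tooling from the Trustwave reports, showing that check on a constructed software inventory and constructed advisories. Every hostname, vendor, product name and advisory ID below is made up; the version-range convention (first affected version inclusive, first fixed version exclusive, no fixed version meaning "still unpatched") is the one used by the OSV advisory format.

```python
"""Check a software inventory against vendor advisories by version range.

Added illustration for the inventory/patching advice; not Trustwave's code.
All hosts, vendors, products and advisory IDs here are constructed samples.
"""
import re
from dataclasses import dataclass
from typing import Iterable, Optional


def parse_version(v: str) -> tuple:
    """Turn '15.0.2' into (15, 0, 2) so versions compare numerically.

    Only the leading digits of each dot-separated segment count ('2-rc1' -> 2),
    and trailing zero components are dropped so '4.0' equals '4.0.0'.
    """
    nums = []
    for seg in v.split("."):
        m = re.match(r"\d+", seg)
        nums.append(int(m.group()) if m else 0)
    while len(nums) > 1 and nums[-1] == 0:
        nums.pop()
    return tuple(nums)


@dataclass(frozen=True)
class Asset:
    host: str
    vendor: str
    product: str
    version: str


@dataclass(frozen=True)
class Advisory:
    advisory_id: str        # constructed ID, not a real CVE
    vendor: str
    product: str
    introduced: str         # first affected version, inclusive
    fixed: Optional[str]    # first fixed version, exclusive; None = no fix yet


def is_affected(asset: Asset, adv: Advisory) -> bool:
    """True when the asset runs the advisory's product inside the affected range."""
    same_product = (asset.vendor.lower(), asset.product.lower()) == (
        adv.vendor.lower(), adv.product.lower())
    if not same_product:
        return False
    v = parse_version(asset.version)
    if v < parse_version(adv.introduced):
        return False
    return adv.fixed is None or v < parse_version(adv.fixed)


def find_exposed(inventory: Iterable[Asset], advisories: Iterable[Advisory]) -> list:
    """Return sorted (host, advisory_id, action) tuples for every exposed asset."""
    hits = []
    for asset in inventory:
        for adv in advisories:
            if is_affected(asset, adv):
                action = (f"upgrade to >= {adv.fixed}" if adv.fixed
                          else "no fix available: isolate or mitigate")
                hits.append((asset.host, adv.advisory_id, action))
    return sorted(hits)


# Constructed sample data (no real vendors, products or advisories).
SAMPLE_INVENTORY = [
    Asset("ft-gw-01", "ExampleCorp", "TransferServer", "15.0.2"),
    Asset("ft-gw-02", "ExampleCorp", "TransferServer", "15.0.4"),
    Asset("build-01", "ExampleCorp", "TransferServer", "13.9"),
    Asset("pos-12", "ExamplePOS", "Terminal", "4.0"),
]
SAMPLE_ADVISORIES = [
    Advisory("SAMPLE-ADV-1", "ExampleCorp", "TransferServer", "14.0", "15.0.4"),
    Advisory("SAMPLE-ADV-2", "ExamplePOS", "Terminal", "3.2", None),
]

if __name__ == "__main__":
    for host, adv_id, action in find_exposed(SAMPLE_INVENTORY, SAMPLE_ADVISORIES):
        print(f"{host}: {adv_id} -> {action}")
```

The same comparison works for vendor appliances, firmware and POS terminals as long as the inventory records a version string; the "no fix available" branch is the case that matters most in a supply-chain incident, since it is where the only options are isolation or compensating controls until the vendor ships a patch.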

 

How MDR helps address cyber threats

While this is all sound advice, one more bullet point belongs on the list. "The latest security measures" also means running security operations with 24/7 threat monitoring, event correlation, incident investigation, and response capabilities, or, if resources are limited, enlisting a managed detection and response (MDR) service. It likewise means deploying endpoint detection and response (EDR), security information and event management (SIEM), and similar tools. These solutions generate alerts when they detect anomalies that may indicate a breach.

Such alerts are helpful, but only if you have the security expertise in-house to accurately assess them in a timely manner. That can be a tall order, given these systems tend to produce a deluge of alerts, the vast majority of which are false positives.
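Event correlation is the usual first answer to that deluge: a single-tool alert on one host is rarely worth an analyst's time, but several independent tools firing on the same host within a few minutes usually is. The block below is an added example of that idea, not code from Trustwave's platform; the alert records are constructed and the window and source thresholds are illustrative defaults.

```python
"""Collapse noisy single-source alerts into per-host incidents.

Added example, not Trustwave's tooling. Sample alerts are constructed.
Rule: escalate a host only when at least `min_sources` distinct tools
(EDR, SIEM, proxy, ...) fire within one `window` of each other.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts: (ISO timestamp, source tool, host, signal name).
SAMPLE_ALERTS = [
    ("2024-04-16T09:00:05", "edr", "ws-101", "suspicious_child_process"),
    ("2024-04-16T09:00:40", "siem", "ws-101", "new_admin_logon"),
    ("2024-04-16T09:02:10", "proxy", "ws-101", "rare_domain_beacon"),
    ("2024-04-16T09:30:00", "edr", "ws-207", "suspicious_child_process"),
    ("2024-04-16T11:15:00", "siem", "ws-207", "new_admin_logon"),   # 1h45 later: unrelated
    ("2024-04-16T09:05:00", "siem", "srv-db-01", "failed_logon_burst"),
]


def _emit(host, cluster, min_sources):
    """Turn one time cluster into an incident if enough independent tools agree."""
    sources = {src for _, src, _ in cluster}
    if len(sources) < min_sources:
        return []
    return [{
        "host": host,
        "start": cluster[0][0].isoformat(),
        "sources": sorted(sources),
        "signals": [sig for _, _, sig in cluster],
    }]


def correlate(alerts, window=timedelta(minutes=10), min_sources=2):
    """Group alerts per host into windows measured from the first alert of the
    cluster, then keep only clusters that meet the multi-source threshold."""
    by_host = defaultdict(list)
    for ts, src, host, sig in alerts:
        by_host[host].append((datetime.fromisoformat(ts), src, sig))

    incidents = []
    for host, events in by_host.items():
        events.sort()
        cluster = []
        for ev in events:
            if cluster and ev[0] - cluster[0][0] > window:
                incidents.extend(_emit(host, cluster, min_sources))
                cluster = []
            cluster.append(ev)
        incidents.extend(_emit(host, cluster, min_sources))
    return incidents


def triage_summary(alerts, **kwargs):
    """Return (raw alert count, incidents) so the reduction is visible."""
    incidents = correlate(alerts, **kwargs)
    return len(alerts), incidents


if __name__ == "__main__":
    total, incidents = triage_summary(SAMPLE_ALERTS)
    print(f"{total} raw alerts -> {len(incidents)} incident(s) to investigate")
    for inc in incidents:
        print(inc)
```

On the constructed data, six raw alerts collapse to one incident (the workstation where EDR, SIEM and proxy all fired within two minutes); the lone database alert and the two widely separated workstation alerts stay in the queue as low-priority noise rather than pages. Real deployments tune the window and add asset criticality, but the principle is the one an MDR analyst applies by hand.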

An MDR provider takes on the task of receiving and assessing those alerts. A mature MDR provider will also determine the root cause of the alerts and help with the response. In that regard, it's helpful if your MDR provider also offers related services, such as:

All this should be underpinned by a dedicated team of threat researchers that study the latest tactics, techniques, and procedures of international cyber threat groups, as Trustwave SpiderLabs does.

Third-party threats are all too real, as the Trustwave vertical industry threat report series makes clear. The reports offer sound advice on the issues CISOs and other security professionals need to be aware of to protect their organizations and the mitigation measures to consider. MDR certainly needs to be in that mix. To learn more, visit Trustwave’s MDR page.
