On April 20th 2021, Apple held its latest Keynote event, unveiling a host of new gadgets for their eager fans. But for infosecurity professionals, one of the most interesting bits of news came before the event, as it emerged that a damaging ransomware attack had hit one of Apple’s Taiwan-based manufacturers.
As reported by The Record, Quanta Computer, the world’s biggest laptop manufacturer and one of the top manufacturers of Apple products, was hit by an attack orchestrated by a ransomware gang known as ‘REvil.’
In a dark web forum, REvil claimed that Quanta had refused to pay the ransom it had demanded, reportedly an eye-watering $50 million USD. In retaliation, the group is targeting Quanta’s most high-profile customer: Apple.
REvil posted schematics of Apple’s latest MacBook computers hours before the official announcement and has threatened to post new leaks every day until either Apple or Quanta pays the ransom it demanded.
What Does This Attack Tell Us?
This attack is the latest example of how attackers are growing smarter and more determined in their attempts to gain access to data. You could have the best security team in the world (and back in 2016, Apple claimed they did!), but you’re only as strong as your weakest link. For some organizations, that weakest link isn’t an internal weakness, but one in their supply chain.
Supply chain attacks – when someone accesses your systems or data through an outside provider – have become a major issue for organizations. Attackers consider supply chains the “soft underbelly” of some large enterprise organizations, an easy way to gain access to otherwise highly secure and difficult-to-penetrate systems.
This isn’t the first time tech companies have been affected by attacks like this. Back in 2014, Facebook and Google were conned out of a combined $200 million in a phishing attack impersonating a third-party supplier, in a continuous scam that took place for over two years before it was detected.
However, an analyst from Recorded Future told The Record that the latest attack against Apple was the first high-profile case of a ransomware gang going after a customer of the ransomware victim, rather than the target itself. And it’s certainly not likely to be the last.
Supply Chain Attacks On The Rise
Supply chain attacks are becoming increasingly common globally, as attackers look for the easiest routes to access sensitive information. And, alarmingly, these types of attacks were up by a staggering 430% in 2020 according to the 2020 State of the Software Supply Chain Report by Sonatype. A report by the Identity Theft Resource Center found that 694 entities had been affected by a supply chain attack last year, with 42,323,106 individuals impacted.
Last year, Jon Clay, Director of Global Threat Communications at security firm Trend Micro, told Expert Insights: “Island Hopping and supply chain attacks are on the rise. We’re going to see them becoming more and more of a problem.”
The National Cyber Security Centre (NCSC) in the United Kingdom outlines four key examples where supply chain attacks are a major risk: third-party software providers, website builders, third-party data stores and so-called “watering hole attacks.”
If you produce software or hardware, you are especially vulnerable to these types of attacks, as can be seen in the case of SolarWinds. When their networking tools were breached last year, multiple government agencies and as many as 250 organizations were affected, according to a report from The New York Times.
So, How Can You Keep Your Business Safe?
It doesn’t matter if your organization has thousands of employees around the world or if you’re running your team solo. We all rely on third-party organizations for the success of our business. So, how can we ensure the safety of our data when it’s being managed by a third party?
Numerous regulatory frameworks already provide third-party risk testing – especially in the financial and healthcare sectors. In their guide, CSO Online recommends that enterprise organizations demand more rigorous testing of third-party organizations, with more regulations to help limit these attacks.
When it comes to dealing with ransomware, the best way for organizations to protect themselves is to implement effective anti-virus software, email protection, and a data-backup and recovery plan.
The majority of ransomware attacks are delivered via phishing emails, and so having a strong email security solution in place is an effective layer of protection against ransomware. Data recovery is also important – but as in Apple’s case, it’s not much use when attackers are threatening to leak your sensitive data, rather than simply destroying it. Having strong enterprise endpoint protection in place is the best way for small businesses to secure their data against ransomware attacks.
Supply chain attacks are likely to continue to increase as cyber-criminals look to emulate the success of these high-profile attacks. Small businesses and large enterprises are both affected – so it’s critical to invest in the systems that can secure you, and your partners, against these threats.