Cyber Resilience and Response
Title | Cyber Resilience and Response |
Publication Type | Report |
Year of Publication | 2018 |
Authors | Peter Champion, Rachel Bruenjes, Michael Cohen, Jade Freeman, Ryne Graf, Moh Kilani, Caroline O'Leary, Christopher Pashley, John Ryan, Genevieve Shannon, Grayson Walters, Thomas Wills |
Series Title | 2018 Public-Private Analytic Exchange Program |
Pagination | 1 - 45 |
Institution | National Institute of Standards and Technology |
Type | Report |
Keywords | C3E, cyber resilience, Cyber Response, cyber threat, cybersecurity, Distribution, Hardware, Malware, NotPetya, ransomware attacks, risk, Software, Supply Chain Attacks, Supply chains, Vendors |
Abstract | Another risk posed by the limited number of available vendors is the threat of supply chain attacks. According to researchers at CrowdStrike on June 27, 2017 the destructive malware known as NotPetya was deployed using a legitimate software package employed by organizations operating in Ukraine. The attack used an update mechanism built into the software to provide updates and distribute them to the vendor’s customers. This same mechanism had been used a month earlier to deploy other ransomware attacks. Supply chain attacks exploit a trust relationship between software or hardware vendors and their customers. These attacks can be widespread targeting the entire trusted vendor’s customer base and are growing in frequency as well as sophistication. |
URL | https://www.dhs.gov/sites/default/files/publications/2018_AEP_Cyber_Resilience_and_Response.pdf |
Citation Key | node-79998 |