Title: Cyber Resilience and Response
Publication Type: Report
Year of Publication: 2018
Authors: Peter Champion, Rachel Bruenjes, Michael Cohen, Jade Freeman, Ryne Graf, Moh Kilani, Caroline O'Leary, Christopher Pashley, John Ryan, Genevieve Shannon, Grayson Walters, Thomas Wills
Series Title: 2018 Public-Private Analytic Exchange Program
Pagination: 1 - 45
Institution: National Institute of Standards and Technology
Type: Report
Keywords: C3E, cyber resilience, Cyber Response, cyber threat, cybersecurity, Distribution, Hardware, Malware, NotPetya, ransomware attacks, risk, Software, Supply Chain Attacks, Supply chains, Vendors
Abstract

Another risk posed by the limited number of available vendors is the threat of supply chain attacks. According to researchers at CrowdStrike, on June 27, 2017, the destructive malware known as NotPetya was deployed using a legitimate software package employed by organizations operating in Ukraine. The attack used the update mechanism that is built into the software to provide updates and distribute them to the vendor's customers. This same mechanism had been used a month earlier to deploy other ransomware attacks. Supply chain attacks exploit a trust relationship between software or hardware vendors and their customers. These attacks can be widespread, targeting a trusted vendor's entire customer base, and are growing in frequency as well as sophistication.

URL: https://www.dhs.gov/sites/default/files/publications/2018_AEP_Cyber_Resilience_and_Response.pdf
Citation Key: node-79998