Monday, October 28, 2013

Subcontractors are for hackers the weakest link in security chain


Hackers use to target subcontractors to hit big enterprises due the poor level of security they offer, in the energy sector this trend is very concerning.

Let’s follow the discussion on the hacking world and the way hackers impact business with their activities. We discussed about the role of hackers for companies and their employment in cybercrime ecosystem.
Let’s try to ask ourselves how would work a hacker in order to hit a company or an organization.
The numerous incidents daily occur teach us that one of the most common way to hack an organization is trying to exploit vulnerabilities within subcontractors networks and in the process that governs the partnership with target entity.
Big enterprises and organizations in many cases have been attacked exploiting the privileges channel of subcontractors, often subcontractor systems have been vulnerable to the attack of hackers and the data of target companies were poorly defended.
The problem seems to be extended to virtually all industries, from energy to the defense, while big enterprises have adopted all the necessary countermeasures to mitigate cyber threats, the economic crisis and the erroneous perception of security as a cost has caused serious misconducts in the subcontractors.
Large companies and organizations are accused of having a lack of careful assessment of the level of security offered by subcontractors, the price is often the only parameter assessed during the acquisition of services and products from third parties.
According  experts at Alert logic the energy industry customers are targeted more often than those in any other industry, the number of cyber threats observed from Jan. 1st to May 23th is nearly 9,000 and more that 50 percent of them is a malware-based attack.
Thirty-one percent of the threats were brute force attacks, in which hackers repeatedly attempt to crack passwords, the report said.
The ICS-CERT issued in July a Monitor report that revealed an intensification for brute force attacks against control systems mainly belonging to the energy sector. The ICS-CERT received notification for more than 200 cyber attacks against critical infrastructure operators between October 2012 and May 2013.
ICS-CERT Monitor Report Energy sector
According the ICS-CERT the victims were targeted by mostly by watering hole attacks, SQL injection, and spear phishing.
Alert logic released a security bulletin remarking the concerning trend.

==> Read More

No comments:

Post a Comment

Support : Relax Viet
Copyright © 2013. Security24h - All Rights Reserved
Design by Namkna
Best View Resolution 1024 x 768 pixel