Cyber reconnaissance isn’t just about protecting your organization – it’s also about keeping an eye on your business partners and supply chain.
This is important, as attackers often find it easier to breach third-party suppliers and move laterally into well-protected organizations. Larger organizations – including government institutions – typically have strong, mature security programs, yet still allow their business partners access to their systems, customers, and brand. The providers and suppliers, on the other hand, are often not as meticulous in their security, and make easy targets through which threat actors can gain access to the large organization’s data. In the last week we saw major breaches at suppliers and providers like Wipro, where a breach resulted in access to the larger enterprise through network connectivity and trusted communications. Utilizing cyber reconnaissance in addition to traditional vulnerability data provides a more comprehensive view of how business partners’ policies and security programs are operating.
From a supply chain perspective, any intimate knowledge of a business or government could also contribute to infiltration and compromise. A recent dump of government contractor data by a well-known hacker collective on a popular underground forum provides a concise target list for attackers who wish to gain access to US government assets. The breach appears to have been from a supply chain database, highlighting vendor names, contract codes, points of contact, and myriad other useful data to aid in targeted attacks such as phishing campaigns.
The threat actor is offering two CSV files of Government Entities and their private vendors; those files are “GovernmentEntities.csv” (36 MB) and “vendorsfile.csv” (221 MB). They are being offered for sale on multiple underground and illicit forums. The database schema/fields exposed were:
VENDOR_KEY, VENDOR_NAME, VENDOR_LEGAL_NAME, VENDOR_BESTNAME, VENDOR_ALTERNATE_NAME, VENDOR_DBA, TICKER, VENDOR_CAGE, BUSINESS_TYPE, BUSINESSTYPES, PARENT_VENDOR_KEY, CAPABILITIES, VENDOR_ADDRESS1, VENDOR_ADDRESS2, VENDOR_CITY, VENDOR_STATE, VENDOR_ZIP, VENDOR_COUNTRY, VENDOR_CONGRESSIONAL_DISTRICT, VENDOR_PHONE, VENDOR_URL, COUNTRYOFINCORPORATION, STATEOFINCORPORATION, WENDOR_CASENO81, HUBZ_EXIT_DATE, LAST_UPDATE_DT, LEGAL_STRUCTURE, IS_SOLE_PROPRIETOR, CONTRACTOR_NAME, VENDOR_CONTACT, VENDOR_CONTACT_TITLE, VENDOR_EMAIL, VENDOR_FAX, VENDOR_GRAD81
Figure 1: Screenshot of a sample of the information included in this dump.
This is just the latest example of an organization’s supply chain being targeted. Using cyber reconnaissance could help organizations identify when their supply chain is being targeted so they can adjust security programs accordingly.
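One way to act on a dump like this, as an added example that is not GroupSense’s code or tooling: match records in the exposed schema against your own vendor inventory to see which suppliers, and which contact addresses, are now likely phishing pretexts. The sample rows, the inventory, and the function names are constructed for illustration, and the sketch assumes the records reach you through a threat-intelligence provider.

```python
import csv, io, re
from urllib.parse import urlparse

# Constructed sample rows using a subset of the exposed columns (not real data).
LEAK_SAMPLE = """VENDOR_KEY,VENDOR_NAME,VENDOR_LEGAL_NAME,VENDOR_DBA,VENDOR_URL,VENDOR_EMAIL
1001,ACME FASTENERS,"Acme Fasteners, Inc.",,http://www.acme-fasteners.example,jdoe@acme-fasteners.example
1002,NORTHWIND LOGISTICS LLC,Northwind Logistics LLC,Northwind,,ops@northwind.example
1003,UNRELATED CORP,Unrelated Corporation,,unrelated.example,bpoe@unrelated.example
"""
# Hypothetical internal vendor inventory: name plus the domain you normally deal with.
OUR_VENDORS = [
    {"name": "Acme Fasteners Inc", "domain": "acme-fasteners.example"},
    {"name": "Northwind", "domain": "northwind-logistics.example"},
    {"name": "Globex Supply", "domain": "globex.example"},
]
SUFFIXES = {"inc", "llc", "corp", "corporation", "co", "ltd", "company"}

def norm_name(name):
    """Lower-case, drop punctuation and legal suffixes so name variants compare equal."""
    words = re.sub(r"[^a-z0-9 ]", " ", (name or "").lower()).split()
    return " ".join(w for w in words if w not in SUFFIXES)

def record_domains(row):
    """Domains found in the record's URL and e-mail fields, without a leading 'www.'."""
    found = set()
    url = (row.get("VENDOR_URL") or "").strip().lower()
    host = urlparse(url if "://" in url else "//" + url).hostname
    if host:
        found.add(host[4:] if host.startswith("www.") else host)
    email = (row.get("VENDOR_EMAIL") or "").strip().lower()
    if "@" in email:
        found.add(email.rsplit("@", 1)[1])
    return found

def exposed_vendors(leak_csv, inventory):
    """Return inventory vendors present in the leak, why they matched, and the exposed contact."""
    hits = []
    for row in csv.DictReader(io.StringIO(leak_csv)):
        names = {norm_name(row.get(f)) for f in ("VENDOR_NAME", "VENDOR_LEGAL_NAME", "VENDOR_DBA")} - {""}
        doms = record_domains(row)
        for v in inventory:
            reasons = [why for why, ok in (("name", norm_name(v["name"]) in names),
                                           ("domain", v["domain"].lower() in doms)) if ok]
            if reasons:
                hits.append({"vendor": v["name"], "matched_on": reasons,
                             "exposed_email": row.get("VENDOR_EMAIL") or ""})
    return hits

if __name__ == "__main__":
    print(*exposed_vendors(LEAK_SAMPLE, OUR_VENDORS), sep="\n")
```

A name-only match with an unfamiliar e-mail domain, as in the second sample row, is worth a manual look: it may be a different company with a similar name, or an address your staff would not recognize as unusual if it appeared in a phishing message.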
Knowing that the supply chain is a target and entry point, enterprises should consider conducting regular third-party assessments to understand the security posture of their third parties. GroupSense’s FirstRecon and AllyRecon solutions can provide swift visibility into leaks caused by third-party or supply chain vulnerabilities, allowing the primary organization to make the necessary adjustments to risk and fraud processes around third-party interactions. You can learn more by contacting us.