Zum Inhalt springen

Turning the tables on the attackers: how to hack the hackers’ supply chains

Today, supply chains are longer, more complicated, and more global than ever. As an ever-increasing spectrum of products, tools, and systems is becoming electronically interconnected, these often non-transparent and heavily-intertwined supply chains are increasingly subjected to various kinds of cyber attacks. Stuxnet is an earlier example of initial infiltration of third-party systems (the Siemens SIMATIC WinCC and PCS 7 control systems) with the goal of physically disrupting the actual target (the Iranian nuclear facility at Natanz) controlled by those systems. Last year’s financially-motivated supply chain attack against the Kaseya software resulted in thousands of managed-service providers being infected with REvil ransomware. Existing power structures, normative frameworks, and the free flow of information come under pressure in times of crisis, such as the Corona pandemic, the war in Ukraine, or during physical blockades (e.g., Suez Canal, Port of Shanghai). Disruptive attacks against the information infrastructure of supply chains can then unfold critical effects not only for the original target and its branch but also for other interdependent sectors. In this article, I argue that this growing interdependency is no exclusive phenomenon for the targets of supply chain attacks. Instead, the increasing diversification of the cybercrime ecosystem offers multiple options for states and law enforcement agencies to disrupt its services.

Mehr EuRepoC-Artikel

  • Research and Analysis
Right Thoughts, Right Words, Right Actions?: The EU’s Application of the Cyber Diplomacy Toolbox

1 Februar 2024
Diese Analyse von Imke Schmalfeldt, Annika Sachs und Kerstin Zettl-Schabath ist die erste, die die tatsächliche Anwendung der Maßnahmen der Cyber Diplomacy Toolbox durch EU-Institutionen und -Akteure in den letzten sechs Jahren genau untersucht. Das Papier beleuchtet die Frage, inwieweit die EU die CDT als Instrument genutzt hat, um eine stärkere Europäisierung der Cybersicherheitspolitik voranzutreiben.

Welcome to our Cyber Incident Dashboard!

For best results, please view on a desktop device.