Zum Inhalt springen

Turning the tables on the attackers: how to hack the hackers’ supply chains

Today, supply chains are longer, more complicated, and more global than ever. As an ever-increasing spectrum of products, tools, and systems is becoming electronically interconnected, these often non-transparent and heavily-intertwined supply chains are increasingly subjected to various kinds of cyber attacks. Stuxnet is an earlier example of initial infiltration of third-party systems (the Siemens SIMATIC WinCC and PCS 7 control systems) with the goal of physically disrupting the actual target (the Iranian nuclear facility at Natanz) controlled by those systems. Last year’s financially-motivated supply chain attack against the Kaseya software resulted in thousands of managed-service providers being infected with REvil ransomware. Existing power structures, normative frameworks, and the free flow of information come under pressure in times of crisis, such as the Corona pandemic, the war in Ukraine, or during physical blockades (e.g., Suez Canal, Port of Shanghai). Disruptive attacks against the information infrastructure of supply chains can then unfold critical effects not only for the original target and its branch but also for other interdependent sectors. In this article, I argue that this growing interdependency is no exclusive phenomenon for the targets of supply chain attacks. Instead, the increasing diversification of the cybercrime ecosystem offers multiple options for states and law enforcement agencies to disrupt its services.

Mehr EuRepoC-Artikel

  • Research and Analysis
Internationale Cyberkonflikte: Der Blick auf Deutschland und die Welt

23 June 2022
In ihren Lageberichten zur Cybersicherheit in Deutschland zeichnen das Bundesministerium des Innern (BMI 2021: 12) und das Bundesamt für die Sicherheit (BSI 2021) in der Informationstechnologie ein dynamisches Lagebild: die Vergrößerung des deutschen Angriffsvektors, der durch die stetige Digitalisierung weiterer Lebens- und Wirtschaftsbereiche und zuletzt die Home-Office-Regelungen vieler Betriebe wächst; die Zunahme von Ransomware-Attacken mit immer sophistizierterer Schadsoftware; sowie die Wirkung von Sondereffekten wie der Corona-Pandemie, welche insbesondere den Gesundheitssektor in den Mittelpunkt cyberkrimineller Aktivitäten rückte (BMI 2021; BSI 2021).

Welcome to our Cyber Incident Dashboard!

For best results, please view on a desktop device.