Przejdź do treści

Turning the tables on the attackers: how to hack the hackers’ supply chains

Today, supply chains are longer, more complicated, and more global than ever. As an ever-increasing spectrum of products, tools, and systems is becoming electronically interconnected, these often non-transparent and heavily-intertwined supply chains are increasingly subjected to various kinds of cyber attacks. Stuxnet is an earlier example of initial infiltration of third-party systems (the Siemens SIMATIC WinCC and PCS 7 control systems) with the goal of physically disrupting the actual target (the Iranian nuclear facility at Natanz) controlled by those systems. Last year’s financially-motivated supply chain attack against the Kaseya software resulted in thousands of managed-service providers being infected with REvil ransomware. Existing power structures, normative frameworks, and the free flow of information come under pressure in times of crisis, such as the Corona pandemic, the war in Ukraine, or during physical blockades (e.g., Suez Canal, Port of Shanghai). Disruptive attacks against the information infrastructure of supply chains can then unfold critical effects not only for the original target and its branch but also for other interdependent sectors. In this article, I argue that this growing interdependency is no exclusive phenomenon for the targets of supply chain attacks. Instead, the increasing diversification of the cybercrime ecosystem offers multiple options for states and law enforcement agencies to disrupt its services.

Other EuRepoC Articles

  • Research and Analysis
Internationale Cyberkonflikte: Der Blick auf Deutschland und die Welt

23 June 2022
In their situation reports on cyber security in Germany, the Federal Ministry of the Interior (BMI 2021: 12) and the Federal Office for Information Security (BSI 2021) paint a dynamic picture of the situation: The enlargement of the German attack vector, which is growing due to the steady digitalization of further areas of life and the economy and, most recently, the home office regulations of many companies; the increase in ransomware attacks with increasingly sophisticated malware; and the impact of special effects such as the Corona pandemic, which made the healthcare sector in particular the focus of cybercriminal activities (BMI 2021; BSI 2021).

Welcome to our Cyber Incident Dashboard!

For best results, please view on a desktop device.