Skip to main content
close search
site logo
Dive Brief

Cyberattacks targeting the software supply chain nearly double

Published July 30, 2018
By
Contributor
Getty

Dive Brief:

  • Infiltration of the software supply chain is one of the most potentially disruptive threats to the critical infrastructure sector. Foreign intelligence services from China, Russia and Iran are the leading sources of cyberthreats targeting economic espionage, according to the 2018 Foreign Economic Espionage in Cyberspace report.
  • Seven significant software supply chain attacks were reported in 2017, compared to only four between 2014 and 2016. Mitigation costs for FedEx and Maersk — victims of the Not Petya, also known as Nyetya, cyberattack last year — were approximately $300 million for each company.
  • Next-generation technologies such as artificial intelligence (AI) and the Internet of Things (IoT) will introduce new attack vectors for which U.S. networks are not prepared. 

Dive Insight:

Foreign and economic industrial espionage represent a continuing threat to American business and the country's security. Foreign nations and terrorist groups target U.S. companies as well as research institutions and universities to uncover technology, intellectual property, trade secrets and proprietary information.

Threat actors including those working on behalf of foreign intelligence services, corrupt the software supply chain, adding malware such as backdoors that allow unauthorized access to networks where information is stored. The goal, according to the report, is to "achieve a range of potential effects to include cyber espionage, organizational disruption, or demonstrable financial impact."

Companies that use the corrupted software could fall victim to ransomware attacks, lose valuable proprietary information and be subject to disruptive activities that could leave them defenseless against state-sponsored competitors.

Regulations in China and Russia force U.S. companies to use local resources, which means government agencies have access to proprietary information and intellectual property. For instance, foreign companies operating in China must store their data within the country and get government permission to move data outside the country. In Russia, the Federal Security Service (FSB) conducts computer code reviews of foreign technology being sold inside the country.

As more data are generated with IoT devices and managed on the cloud, supply chain managers must understand the vulnerabilities of both emerging and legacy technology.

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
Redwood Turns Up the Heat: Powers Cost and Service Enhancements for Harbison-Walker Internatio…
From Redwood Logistics
November 22, 2024
Descartes Releases November Global Shipping Report: October Monthly Container Import Volumes R…
From Descartes Systems Group
November 11, 2024
Registration Opens for CLDA’s 2025 Final Mile Forum
From Customized Logistics & Delivery Association
November 13, 2024
Vector Global Logistics Wins U.S. Chamber of Commerce Foundation’s 25th Annual Citizen Award
From Vector Global Logistics
November 05, 2024
Editors' picks
Latest in Risk and Resilience
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell