10/25/2018
12:00 PM
John Wilson, Field CTO, Agari

Stop Doing Business with Cybersecurity Cheapskates

I live in a suburban city in Silicon Valley. Every year, at least one or two homes in my neighborhood get tented for termite fumigation. I’ve had to do my own home three times in the past 25 years. During that time, I’ve seen pretty much every house on my street tented at least once except for one a few doors down from me. Also, this particular house doesn’t bother to mow their lawn, their driveway is overrun with weeds, and there are enough dead leaves and branches on their roof to make the entire neighborhood a fire hazard.

By now, you’re probably wondering what any of this has to do with cybersecurity. I’ve got security cameras, smoke detectors, CO detectors, motion-activated lights, and a solid fence around my yard. Yet, no matter what I do to protect my own property, my neighbor will continue to be the weakest link in the security of my home. Until my neighbor kills off the termites that make their way from his walls to every house on my block, I’m going to need to keep tenting my house every 8-10 years. My smoke detectors may save my life, but they aren’t going to save my home if an inferno starts from the dead leaves on my neighbor’s roof.

Your supply chain is a bit like my neighborhood. Some of your suppliers take extreme pride in protecting their data and systems, while some of your suppliers are like my sloppy neighbor. Just as my neighbor’s carelessness causes undue risk to my property, some of your suppliers place your business at risk.

Business Email Compromise schemes involving a compromised email account at a business partner have increased 2,300% since 2015. An ATO-based BEC attack begins when one of your suppliers has one of their corporate email accounts compromised, usually via phishing. The attacker monitors your supplier’s email communications for outgoing invoices. At this point, the attacker will either modify the invoice, changing the payment account details, or will send a follow-up email explaining that the first invoice should be ignored as it contained the wrong payment details. Eventually your angry supplier will be demanding payment, and the finger-pointing begins. Even if your supplier accepts responsibility, you’ll spend many frustrating hours trying to resolve the issue. Worse, your email hygiene solution is unlikely to stop an email containing a crypted sandbox-aware weaponized document if that document is sent from a trusted business contact’s compromised email account. Soon the invoices you send to your customers may be tampered with, and your incoming payments will get diverted to criminals.
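Because the tampered invoice arrives from a genuine supplier mailbox, the check has to sit in the payment workflow instead of relying on sender reputation. The following is an added example, not from the original article: it holds an invoice when its bank details differ from the vendor master record or when the carrying email asks to replace an earlier invoice. The vendor ID, IBAN values and phrase list are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed vendor master file: bank details verified out-of-band at onboarding.
VENDOR_MASTER = {
    "V-1001": {"name": "Example Supplies Ltd", "iban": "GB00EXMP00000000000001"},
}

# Wording typical of the "ignore the first invoice" follow-up.
# Assumed starter list; tune it to the language your suppliers actually use.
REPLACEMENT_PATTERNS = [
    r"\b(ignore|disregard)\b.{0,40}\b(previous|earlier|first|last)\b.{0,20}\binvoice\b",
    r"\b(new|updated|changed|correct(ed)?)\b.{0,30}\b(bank|payment|account)\b.{0,20}\bdetails\b",
]

@dataclass
class Invoice:
    vendor_id: str
    iban: str
    body: str  # text of the email that carried the invoice

def normalize_iban(value: str) -> str:
    """Strip spaces and hyphens and uppercase, so formatting alone never trips the check."""
    return re.sub(r"[\s-]", "", value).upper()

def review_invoice(inv: Invoice) -> List[str]:
    """Return the reasons to hold payment; an empty list means no hold."""
    reasons = []
    record = VENDOR_MASTER.get(inv.vendor_id)
    if record is None:
        reasons.append("unknown vendor")
    elif normalize_iban(inv.iban) != normalize_iban(record["iban"]):
        reasons.append("bank details differ from vendor master record")
    # Collapse whitespace so phrases split across lines still match.
    text = " ".join(inv.body.lower().split())
    if any(re.search(p, text) for p in REPLACEMENT_PATTERNS):
        reasons.append("message asks to replace earlier payment details")
    return reasons
```

A hold should be cleared by calling the supplier on a phone number taken from the vendor master record, never one supplied in the email under review.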

I could complain to the city about my neighbor; in fact, my wife has on multiple occasions. Unfortunately, there are things you can’t control in life, and my neighbor’s behavior is one of those things. When it comes to your supply chain, here’s where the analogy breaks down in a good way: You can (and should!) demand your suppliers implement an appropriate level of cybersecurity controls. You are, after all, the customer. Demand that your suppliers use multi-factor authentication on all of their email accounts. Demand that your suppliers use a state-of-the-art email security solution. Demand that your suppliers conduct phishing-awareness training and demand that your suppliers utilize a proven endpoint security solution. And if you see my neighbor, please tell him to clean up his act.
