supply chain security

Five Weakest Links in Cybersecurity That Target the Supply Chain

Third-party breaches have become an epidemic as cybercriminals target the weakest link. Organizations such as BestBuy, Sears, Delta and even NYU Medical Center are just a few that have felt the impact of cyberattacks through third-party vendors. The fallout from these breaches can be costly, as the average enterprise pays $1.23 million per incident, up […]

No CFO thinks that his signature approving a purchase order for a new five-figure piece of hardware could ultimately cost his company seven-figures, or maybe force them to shut their doors forever. But that’s the reality many companies need to face when it comes to supply chain security and risk management. Core IT equipment used inside most American companies is likely to be purchased from an American vendor. But most of the gear is built overseas, likely in Asia, where little oversight is offered into its construction and shipping.

Less than a month after the Nitol botnet takedown, Microsoft has released data casting more scrutiny of supply chain security. In its latest Security Intelligence Report (SIR) for the first half of 2012, Microsoft has connected the most prevalent malware families involved in supply chain compromises, including malicious add-ons pre-installed on PCs by manufacturers, as well as pirated software available on peer-to-peer networks, and music and movie downloads.

A botnet known as Nitol, built on the backs of PCs and laptops loaded with malware somewhere in the supply chain, was taken down by Microsoft. Microsoft’s Digital Crimes Unit was given permission this week by the U.S. District Court for the Eastern District of Virginia to take over the domain and more than 70,000 sub-domains hosting the Nitol botnet. 

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.