This is the main conclusion drawn from the latest study published by Juniper Research, which estimates that in just three years global investment by companies in this regard will reach almost 46,000 million dollars. Cyber attacks will become more agile, precise and personalized, in such a way that they are able to accentuate the vulnerabilities of security breaches and increase by more than 76%.
All of this will mean a nearly $81 billion reduction in revenue for the world economy, in addition to damaging the image of companies, the concept of cybersecurity and the trust of users in the systems. In fact, estimates point to automotive, medical, financial, technological and government organizations as the main victims.
The main cause of growth
The expansion of the phenomenon of digitization at all levels of supply chains has made different business departments more vulnerable, seriously endangering not only the software supply chain, but all the pieces of the business puzzle.
Juniper Research analysts believe the lack of cybersecurity resources will continue to cost organizations significant sums of money, coupled with a lack of recognition of the value of data and the processes with which it interacts, as well as a lack of awareness among managers and employees.
The latest notable case
At the end of March came the attack on the software supply chain suffered by 3CX, a voice and video conferencing VoIP application used by thousands of businesses around the world. Although the investigation is still ongoing, it is suspected that the threats could come from the group Labyrinth Chollima, which emerged in 2009 and operates from North Korea.
It all started when a 3CX employee used his credentials to download and install the X_Trader software from Trading Technologies, which carried the VEILEDSIGNAL malware. The 3CXDesktopApp.exe binary appeared to deploy a beacon to infrastructure controlled by a threat actor, along with payloads and hands-on-keyboard activity.
At the time, the Cybersecurity and Infrastructure Security Agency confirmed that the more than 600,000 corporate clients and the more than 12 million daily active users were at risk, specifically 242,000 publicly exposed 3CX Phone Management Systems. Among them are organizations of the stature of the National Health Service of the United Kingdom, Honda, BMW, PepsiCo and Air France, among others.
In total, 2,595 incident reports were submitted in which the binary was found to match known malicious hashes, affecting its Windows Electron application in update 7. In turn, the attack was based on DLL sideloading, something invaluable for customers.
The repercussions of the attack on 3CX
This is the first case in which an attack on the software supply chain of a company causes negative consequences in other companies and products, since at least four additional organizations were affected.
The CCN-CERT bulletin of April 20 announced that energy organizations in Europe and the United States had been victims of cyberattacks targeting their communication systems, stemming from the vulnerability experienced by 3CX telephony software. Companies in the transport and service sectors were also affected.
A common goal
Strengthening the security of the software supply chain is the main slogan in the national cybersecurity strategy of the White House and the Cybersecurity and Infrastructure Security Agency. This will affect providers of software, hardware and platforms, through to the providers that develop and sell these products.
In fact, this has caused many vendors to reject the security-by-design and security principles present in the strategy. It now remains to be seen what role of responsibility US officials will take on in this regard, which will require legislation by Congress.