Over 50 per cent of global organisations’ supply chain partners have been hit by ransomware, said Sharda Tickoo, Technical Director at Trend Micro India and SAARC. New research reveals that global organisations are increasingly at risk of ransomware compromise via their extensive supply chains.
Speaking on fresh research conducted between May and June 2022, Sharda Tickoo said that 52 per cent of global organisations’ supply chain partners have been hit by ransomware. The research further revealed that 79 per cent of global IT leaders believe their partners and customers are making their own organisation a more attractive ransomware target.
A year ago, a sophisticated attack on a provider of IT management software led to the compromise of scores of MSPs and thousands of downstream customers. But despite this, the research says only 47 per cent of organisations share knowledge about ransomware attacks with their suppliers. Additionally, 25 per cent said they don’t share potentially useful threat information with partners.
This could be because organisations don’t have information to share in the first place. Detection rates were worryingly low for ransomware activities including Ransomware payloads (63 per cent), Legitimate tooling e.g., PSexec, Cobalt Strike (53 per cent), Data exfiltration (49 per cent), Initial access (42 per cent), and Lateral movement (31 per cent), research revealed.
According to the Trend Micro research, the supply chain can also be exploited by attackers to gain leverage over their targets. Among organisations that had experienced a ransomware attack in the past three years, 67 per cent said their attackers contacted customers and/or partners about the breach to force payment.