IT service providers have recently become a common target of cyber attacks and 11 of them have been compromised since July 2018. Attackers target providers in attempts to gain access to their customers, according to a blog post by Symantec.
What makes this especially ironic is that IT service providers often are the same companies that businesses hire to protect them against cyber threats. It’s not exactly a new tactic by cybercriminals, who in the past have even attacked security vendors. Perpetrators also have been known to target some companies purely to get to their business partners. This practice was the subject of investigation in a recent (ISC)² study titled, “Securing the Partner Ecosystem.”
Symantec revealed that the group responsible for the IT service provider attacks, which calls itself Tortoiseshell, appears to be relatively new. Most of the attack targets are based in Saudi Arabia, and Symantec has detected Tortoiseshell activity as recently as July 2019.
On at least two occasions, attackers gained domain admin-level access, as evidenced by the deployment of tools designed to retrieve information about the infected machines. That information includes IP configuration, applications, system information and network connectivity data.
These “supply chain attacks” target trusted software, hardware or services to infiltrate third-party networks. Such attacks require a higher level of skill and sophistication, the vendor says.
Third-party Targets
The IT service providers come as reminder of the risks associated with digital and cloud connections between companies. Attackers over the years have sought ..
Support the originator by clicking the read the rest link below.
