How to Stop Third-Party Cyberattacks

Third-party cyberattacks may be the most pernicious of all cyberattacks, according to The Hacker News. They target the systems of third-party vendors, including cloud, IT, and HR services. If successful, they find a backdoor that allows them to sack the digital infrastructure of all the third-party clients. Among the most publicized of these attacks was one that targeted SolarWinds, a company that supplies IT infrastructure and supply chain management software.

Third-party cyberattacks — also referred to as supply chain attacks — have become common. It is said to have directly impacted 61 percent of U.S. businesses in the year preceding April 2023. In all of 2023, according to the article, there were roughly 245,000 software supply chain attacks, with an estimated cost of $46 billion to the affected organizations. 

According to The Hacker News, “Once inside a system, threat actors can inject malicious code, steal sensitive information, or disrupt operations, causing cascading effects throughout the supply chain. A breach of one organization, or link, in the supply chain, can have far-reaching consequences and compromise the security of numerous entities.”

Attack methods include using security credentials obtained by sophisticated hacks or by purchase on the dark web, and injecting malicious code into legitimate components in order to exploit system vulnerabilities. The precise goal can vary, from obtaining exploitable financial and customer data to accessing proprietary research and trade secrets. Some hacks have been attributed to state actors, who were trying to obtain national security or other politically-related information.

The growing threat of third-party hacks demands heightened awareness and robust security strategies from all stakeholders, according to the article. Those strategies should include ongoing and thorough assessment of third-party relationships.