What is a Third-Party Compromise?
A third-party compromise is an attack that results in a breach of information and privacy, and it affects enterprises of all sizes. These attacks pose a lasting threat to supply chains and sometimes damage relationships between companies and their suppliers. In these instances, the attacker is able to bypass the security stack protecting the company in question.
This includes bypassing firewalls, proxies, email, and beyond. Some industries and organizations are more at risk than others, including those involved in oil, energy, manufacturing, gas, and logistics. Because these organizations operate with varying security zones, such breaches are more viable against them.
How Does a Third-Party Compromise Occur?
Thanks to varying security zones and trust levels, larger organizations are more commonly the victims of third-party compromises. Hackers have many different avenues for such a breach. The options for getting past security range from spear phishing to network pivoting and weaponized installs, and hackers never seem to stop evolving and adopting new techniques to get what they want.
More often than not, these attacks are not seen coming. More experienced hackers are able to employ one or more of these techniques, hitting an array of verticals and exploiting professional relationships. A good example is the compromise of M.E.Doc in Ukraine, where an attack was propagated through network pivoting.
This “weaponized” version of M.E.Doc was delivered in the form of accounting software, making it an infamous example of a third-party compromise. Because most of these attacks go untouched by security controls to varying degrees, it is not easy to “see it coming”, much less prevent it. Let’s look a bit deeper at the specifics of the more common methods.
Spear Phishing
As one of the major methods for a third-party compromise, spear phishing is a very real threat to every industry. Spear phishing typically occurs when emails are sent from a “known source”, tricking the recipient into revealing confidential information. This can be an email confirming a purchase or something similar, carrying a link that steals credentials.
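One way a mail filter can flag a message that imitates a “known source”, covering only the case where the sender's domain is a near miss on a vendor's domain or replies are redirected elsewhere. This is an added example, not part of the original article; the vendor domains, the similarity threshold and the sample messages are constructed assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains of vendors you really correspond with (constructed values).
KNOWN_VENDOR_DOMAINS = {"acme-logistics.example", "northwind-energy.example"}

def domain_of(header_value):
    """Lowercased domain of an address header, or '' when the header is absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def closest_vendor(domain):
    """Most similar known vendor domain and its similarity ratio (0.0 to 1.0)."""
    scored = ((v, SequenceMatcher(None, domain, v).ratio())
              for v in sorted(KNOWN_VENDOR_DOMAINS))
    return max(scored, key=lambda pair: pair[1])

def assess(raw_message, threshold=0.85):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    findings = []
    # A near miss on a vendor domain is more suspicious than an unrelated domain.
    if from_dom and from_dom not in KNOWN_VENDOR_DOMAINS:
        vendor, score = closest_vendor(from_dom)
        if score >= threshold:
            findings.append(f"lookalike-domain:{from_dom}~{vendor}")
    # Replies routed to a different domain than the visible sender.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to-mismatch:{reply_dom}")
    return findings

# Constructed sample messages (not real traffic).
GENUINE = ("From: Billing <billing@acme-logistics.example>\n"
           "Subject: Purchase confirmation\n\nThanks.\n")
LOOKALIKE = (
    "From: Billing <billing@acme-1ogistics.example>\n"
    "Reply-To: billing@billing-desk.example\n"
    "Subject: Purchase confirmation\n\nConfirm your order at the link.\n"
)

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("lookalike", LOOKALIKE)):
        print(name, assess(raw))
```

A check like this does not catch mail sent from a vendor's real but compromised mailbox, which is why it complements rather than replaces knowing what each vendor has access to.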
Network Pivoting
Put simply, pivoting is a method of using what’s called a foothold to maneuver within the intended network. The technique allows the attacker to set up their tools inside the victims’ network so that they work in gaining access and information. In this way, the hacker appears to be another authorized user.
How to Combat Third-Party Compromises
As we mentioned earlier, many of these attacks go unnoticed and untouched by common security measures. However, that does not mean they are unstoppable as a whole. With the threat itself expanding, one should be both wary and prepared. The best way to stay ahead of the threat is to take a few steps.
First, know your vendors well. Gain an understanding of what information they are privy to and go from there. You should also have regular meetings with management, especially on the topic of safety and privacy. Finally, make it a habit to know your third party’s third parties. In the end, the more you know, the less likely you are to suffer.