Byron V. Acohido | lastwatchdog.com »
It’s only February — and 2021 already is rapidly shaping into the year of supply-chain hacks.
The latest twist: mobile network operator UScellular on Jan. 21 disclosed how cybercriminals broke into its Customer Relationship Management (CRM) platform as a gateway to compromise the cell phones of an undisclosed number of the telecom giant’s customers.
This bad news from UScellular follows similarly troubling disclosures from networking software supplier SolarWinds and from email security vendor Mimecast.
Meanwhile, Mimecast followed its Jan. 12 disclosure of a digital certificate compromise with a Jan. 26 postingconfirming that the compromise was at the hands of the same nation-state threat group behind the SolarWinds hack and subsequent attacks on various technology companies and federal government agencies.
And now UScellular admits that it detected its network breach on Jan. 6, some two days after the attackers gained unauthorized access. The intruders got in by tricking UScellular retail store employees into downloading malicious software on store computers.
The attackers thus gained remote access to the CRM systems running on the store computers – and a foothold to access customers’ wireless phone numbers and associated account information.
These are three high-profile hacks, disclosed within days of each other, has signaled the cybersecurity community that established digital services suppliers are getting targeted, not necessarily as the end game, but as the weak link in an inter-connected supply chain.
There are many reasons to expect supply chain hacks to intensify in the weeks and months ahead. We’re in a phase where these hacks are sure to escalate, as threat actors move to take full advantage before the corporate sector eventually shore things up.
Last Watchdog gathered observations from a round table of cybersecurity thought leaders. Here’s what concerns them in the weeks and months just ahead: