Original Release Date: 6/26/2020
Third-party vendors and service providers used by businesses and organizations continue to be targeted by threat actors as a way to conduct cyber-attacks such as ransomware attacks, spear-phishing campaigns, business email compromise (BEC) scams, and vendor account compromises. This week, the Distributed Denial of Secrets (DDoSecrets) group released 269 GB of sensitive data from many US police departments and fusion centers in a collection dubbed “BlueLeaks.” The data was stolen via a security breach of a third-party web design and hosting company. Third-party vendors and service providers can serve as a single entry point from which threat actors reach multiple victims, giving them the opportunity to exfiltrate sensitive data, conduct social engineering campaigns, and deliver ransomware. Data stolen from compromised networks can be used to target individuals through their personally identifiable information (PII) in attacks such as identity theft or doxing, which may endanger their lives. Therefore, security protections and controls must be implemented both to safeguard client networks and data and to limit the impact if an incident occurs.
The NJCCIC recommends organizations adopt a third-party management program, implement the security protections and controls provided in the NJ Statewide Information Security Manual, and review the NJCCIC product Supply Chain: Compromise of Third-Parties Poses Increasing Risk. We also advise users to adopt a defense-in-depth cybersecurity strategy, keep systems patched and up to date, and maintain cybersecurity best practices, including physical security.