USA Trends and Developments Contributed by: Beth George, Timothy Howard, Brock Dahl and Megan Kayo, Freshfields
Supply chain attacks Beyond ransomware attacks, supply chain attacks continue to be a significant issue. Hack - ers have found that third-party vendors (includ - ing security vendors) can create successful avenues of attacks, allowing them to leverage accesses and service deliveries to the vendors’ customers to amplify their attack space. In addi - tion to the SolarWinds attack, in June 2023, a significant cyber-attack exploited a vulnerability in managed file transfer software MOVEit. The vulnerability allowed attackers to steal files from organisations through SQL (structured query language) injection on public-facing servers. This breach affected thousands of organisations and millions of individuals – including govern - ment agencies, media outlets, and organisations in other sectors – and was considered one of the largest supply chain attacks to date. The Cl0p ransomware gang, a Russian-affiliated cyber group, claimed responsibility for the attack. Cyber-attacks on and exploitation of vulner - abilities at vendors have resulted in significant losses for their customers. In fact, supply chain risk has become such a significant issue that the US’ National Institute of Standards and Technol - ogy (NIST) released its first major update of the NIST Cybersecurity Framework, incorporating practices to manage cybersecurity risks within and across organisations’ supply chains. Supply chain attacks can be more challenging to investigate, as an affected customer may have limited visibility into an attack on a third- party vendor and limited control over the ven - dor’s investigation. Companies need to assess which of their vendors have the greatest access to their systems – and thus are the highest risk – in order to identify the greatest risks posed by supply chain attacks. By focusing on those highest-risk areas, companies can develop
mitigations by placing technical limitations and increased monitoring on those vendors as well as by requiring the vendors to engage in robust cybersecurity practices, in addition to potentially shifting liability through contractual agreements. Cybersecurity and AI Cybercriminals are increasingly using AI to auto - mate and target their attacks. This allows them to carry out individualised mass phishing attacks tailored to their targets – not only greatly increas - ing the efficiency of the attacks, but also allow - ing well-organised threat actors to automatically create fake login pages that are virtually indis - tinguishable from the legitimate pages. Addition - ally, research has indicated that the use of AI will significantly improve the capability of threat actors to crack passwords. AI also allows threat actors to replicate proofs of concept or other types of successful attacks more quickly. By way of example, if a zero-day vulnerability is identified, the amount of time for threat actors to identify and target compa - nies with such vulnerabilities in their systems is becoming shorter. The dwell time that threat actors are in a company’s systems is also decreasing, as AI allows threat actors to identify data that appears to be valuable more efficiently and thus extract that data more quickly. There is some good news, however. AI is increasingly being leveraged in cyberdefence to enhance the detection and prevention of cyberthreats and enhance the response to such threats. One of the primary applications of AI in this field is the identification and quarantine of suspicious emails that may be part of phish - ing campaigns. AI-powered tools use machine- learning algorithms to analyse email content and detect phishing attempts by identifying patterns
362 CHAMBERS.COM
Powered by FlippingBook