Black Kite 2022 Third-Party Breach Report Released

Black Kite has released their 2022 Third-Party Breach Report, with some key findings including:

  • Ransomware became the most common attack method of third-party attacks, initiating 27% of breaches analyzed in 2021.
  • Software publishers were the most common source of third-party breaches for a third consecutive year, accounting for 23% of related incidents.
  • The average time between an attack and the disclosure date was 75 days.
  • The healthcare industry was the most common victim of attacks caused by third parties, accounting for 33% of incidents in 2021.
  • Unauthorized network access followed ransomware, contributing to 15% of breaches
  • Unsecured servers and databases came third, accounting for 12% of breaches.

Aimei Wei, Founder and CTO, Stellar Cyber has this commentary:

“Our findings align with what the report discovered. Organizations have never adopted third party software at today’s speed due to the huge productivity improvement or the enablement brought in by this software. With the benefits comes the security threat from the increased attack surface. It is very challenging to ensure each one of them is vulnerability free, especially with the dynamic software upgrade, it is not future proof even if a software is vulnerability free today. The more practical way to fight this battle is to have a security monitoring system that can protect your entire attack surface dynamically by detecting any suspicious behaviors.”

This report can be a great roadmap for companies of all sorts to better secure themselves. Thus I encourage those in charge of cyber security to read the report and take the necessary action to secure themselves.

UPDATE: Kevin Novak, Managing Director, Breakwater Solutions had this to say:

“By attacking third parties, attackers gain the benefit of hitting an aggregated target; particularly when they can compromise the product being provided by that third party…a software package that then gets distributed to end-users for instance. It’s no wonder why the supply-chain vector has increased so broadly as a preferred target of cyber-attacks. Suppliers are data rich and have significant impetus to pay ransoms lest they lose customers who are paying for their services to remain online and for their data to remain secure.”

“While it is certainly the case that some ransomware attacks are all about ransom and quick returns, a sizeable percentage of ransomware attacks have a more protracted lifecycle that includes deployment of a ransomware across the enterprise, but also includes other objectives too.  In these cases, attackers will attempt to find opportunities to commit fraud or exfiltrate data, leaving ransomware as a final parting gift.”

“Whereas ransomware, phishing, unauthorized network access, malware (ransomware being a type), zero-day vulnerabilities, etc., are all methods, these attacks are not all perfectly detached from one another.  A phishing attack may lead to unauthorized network access, which might lead to discovery and exploitation of a zero-day vulnerability, that leads to account compromise, that finally give an attacker the ability to deploy ransomware throughout the organization.  Sometimes there are fewer steps in the process (phishing that self-propagates ransomware enterprise-wide), but this often isn’t the case.”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: