Amazon: How MOVEit Supply Chain Attack Left Echoing Effects
In recent years, the security of corporate supply chains has become an increasingly urgent concern for businesses worldwide.
As organisations have strengthened their internal cybersecurity defences, particularly at their digital "front doors," hackers have turned their attention to the vulnerabilities that lie beyond these protective walls – within the networks of third-party vendors.
This shift in attack strategy is not only difficult to track but also potentially devastating, as shown by the ongoing fallout from the cyberattack on MOVEit, a managed file transfer software product, which not only dominated headlines throughout 2023 but has now led Amazon to confirm that some of its employee details were leaked via a third-party provider.
Examining the attack
Amazon quickly clarified that no sensitive information such as financial data or social security numbers had been exposed.
In a statement following the announcement, the company said: “Amazon and AWS systems remain secure, and we have not experienced a security event. We were notified about a security event at one of our property management vendors that impacted several of its customers including Amazon.”
The breach nonetheless serves as a stark reminder of the vulnerabilities that lie within an organisation’s supply chain.
In this instance, the compromised data included work-related contact details like email addresses, desk phone numbers, and building locations – information that could easily be leveraged for phishing, social engineering, or fraud.
This event is just one in a series of cyberattacks where hackers have targeted vulnerable links in the supply chain to gain access to high-profile organisations.
The MOVEit breach, which originated from a SQL injection attack by the Cl0p ransomware gang, impacted more than 2,600 organisations, including some of the world’s most recognisable names.
- High-profile victims included the BBC, British Airways, Boots, Aer Lingus, Ernst & Young, and various government agencies.
- The attack began on 27 May 2023, exploiting a zero-day vulnerability in the MOVEit managed file transfer service.
- The breach affected millions of individuals, with sensitive data such as national insurance numbers and bank details potentially stolen.
- Over 2,500 organisations were known to be impacted, with more than 80% based in the US.
This escalation in cyberattacks is part of a broader pattern, as attackers continue to exploit weaknesses in the third-party ecosystems of businesses – a major blind spot that remains a pressing concern.
Amazon's confirmation that it had been affected by this breach underscores a larger trend observed across industries: third-party vulnerabilities remain a significant, often overlooked, risk for enterprises.
Supply chain security gaps
Amazon confirmed the breach after the data appeared on dark web forums. The leaked data poses a long-term threat, as its potential for exploitation continues to loom over affected companies.
Yet, it is not just the immediate consequences of these breaches that companies need to worry about; the broader, systemic risks tied to third-party supply chains are what make them such an urgent concern.
Despite the growing number of high-profile supply chain attacks, many companies have failed to fully recognise the scale of the threat.
Research from organisations like SecurityScorecard and BlackBerry highlights the increasing frequency and impact of cyberattacks targeting third-party vendors.
A recent study by SecurityScorecard revealed that a staggering 97% of the largest UK companies experienced breaches through their third-party ecosystem, while BlackBerry found that nearly 74% of software supply chains had been exposed to attacks in the past year.
These statistics are not just numbers; they reflect the deepening vulnerability of the digital infrastructure businesses rely on.
The aftermath of these breaches is far-reaching. The financial costs of such attacks are significant, with organisations suffering reputational damage, operational disruptions, and even regulatory penalties.
The BlackBerry study revealed that software supply chain attacks had caused an 11% increase in financial losses compared to two years ago.
Supply chain security integral
The critical issue here is the need for companies to extend their cybersecurity measures beyond their own borders.
While securing internal systems is crucial, organisations must now pay equal attention to the security practices of the vendors and partners they rely on.
The problem is exacerbated by the sheer complexity of modern supply chains, where even small, seemingly insignificant vendors can become a critical point of failure.
As we continue to see supply chain attacks target the most sensitive sectors, including energy, finance, and technology, companies must prioritise third-party risk management in their cybersecurity strategies.
Looking ahead, organisations will need to adopt more comprehensive and proactive measures to secure their supply chains.
As regulations like DORA and NIS2 push businesses to take a more active role in securing their supply chains, attacks like this will become more than just a reputational burden.