IT outsourcing market continues to demonstrate strong growth globally – such services are becoming increasingly popular. But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. By providing third-party companies (service providers or contractors) with access to their infrastructure, businesses increase the risk of trusted relationship attacks – T1199 in the MITRE ATT&CK classification.
In 2023, trusted relationship cyberattacks ranked among the top three most frequently used attack vectors. In such attacks, attackers first gain access to the service provider’s network, and then, if they manage to obtain active credentials for connecting to the target organization’s network, infiltrate the target infrastructure. In most cases, contractors are small- and medium-sized businesses that are less protected than large enterprises. This is also why IT service providers attract the attention of attackers.
Trusted relationship vector is attractive for attackers because it allows them to carry out large-scale attacks with significantly less effort than other vectors. Attackers only need to gain access to the service provider’s network to expose all its clients to cyberrisk, regardless of their size or industry. Moreover, attackers using legitimate connections often go unnoticed, as their actions within the affected organization’s infrastructure look like the actions of the service provider’s employees. According to 2023 statistics, only one in four affected organizations identified an incident as a result of detecting suspicious activity (launch of hacker tools, malware, network scanne ..
Support the originator by clicking the read the rest link below.
