Airbus hit by cyberattacks that targeted key suppliers
Friday, September 27, 2019
Chinese officials have not commented on the report, but the Middle Kingdom has previously denied that it was involved in any hacking activities.
Ilia Kolochenko, founder and chief executive officer of web security company ImmuniWeb, told SiliconANGLE that cyber gangs have already been successfully targeting suppliers and other trusted parties of their victims for many years. “There is no need to undertake an expensive, time-consuming and risky assault of a castle if you can quickly get in via a loophole,” he said.
The problem, he added, is that most of the suppliers are battling to win bids in a highly competitive and turbulent global market and often ignore cybersecurity fundamentals.
“Implementation of information security at a level comparable to their VIP customers will boost their internal costs thereby considerably increasing their market prices making them uncompetitive,” he said. “Worse, large global companies such as Airbus have a great wealth of countless trusted third parties across the globe that it would be virtually unfeasible to keep an eye on how cybersecurity is implemented at their suppliers without skyrocketing monitoring and compliance costs.”
Indeed, he said, third-party risk management is still nascent in most of the organizations. That’s partly because shareholders likely won’t want their companies to spend a lot of money surveilling third parties at their own expense. Read Full Article
Dark Reading: Mass Exploitation of vBulletin Flaw Raises Alarm
ComputerWeekly: Attackers breached supplier systems to steal Airbus secrets