Supply Chain Attacks: How to Defend Against Vendor Email Compromise

The GreatHorn Threat Intelligence Team, alongside hundreds of responses from IT security professionals, report 58% of organizations have experienced an attempted Supply Chain Attack in the past year. One of the largest attack techniques used in Supply Chain Attacks is a form of man-in-the-middle (MitM) attack, whereby an attacker compromises login credentials to leverage legitimate email communications between parties to carry out their Supply Chain Attack. Known as Vendor Email Compromise (VEC), once attackers have access to log into a user’s email they can pose as that user and leverage those trusted relationships in the user’s supply chain to go as far as taking advantage of existing email threads, or data.

Given the quantity of workers remaining in a remote capacity, and the increase in phishing attacks that lead to malicious sites that compromise credentials, an organization’s supply chain has become a significant target for cybercriminals. With 3.7% of all emails containing potentially malicious links that bypass native email security controls, and 41% of organizations stating that users click on malicious links daily, identifying links that attempt to harvest credentials is the first step for organizations in securing and protecting their users from account takeovers.

Malicious URLs: What You Need to Know cover

To learn more about malicious URLs trends, example attacks, and actions you can take, downxload GreatHorn’s eBook, Malicious URLs:
What You Need to Know.

Download it here

So how do organizations detect MitM attacks?

It’s important for organizations to know the adversary tactics and techniques being used in order to develop mitigation strategies – and in the event that the attacker succeeds, how to detect and remediate attacks. There are 2 steps to mitigate the risk associated with Vendor Email Compromise in these MitM cyberattacks.

Step 1: Credential Theft Detection

To be able to perform a VEC attack, the attacker typically first begins with a phishing, or more targeting spear-phishing attack. Organizations should be able to systematically identify those emails that contain links to credential harvesting sites. An email security platform should leverage advanced computer vision to analyze suspicious links and prevent employees from accessing password stealing accounts. This functionality mitigates against credential harvesting attacks that can lead to account takeovers and internal spear phishing.

Step 2: Identity Verification

In the event credentials have been compromised and the account is taken over, another line of defense to mitigate the risk of further attacks is to use biometric authentication to verify a user’s identity. An email security platform should be able to recognize a user’s unique typing patterns such as keystroke speed, pressure, timing and more. The result is 100% detection of compromised accounts via email.

Attackers will continue to launch continuous attacks against supply chain partners, gaining access to supplier systems, including email. Identifying spoofed vendors/individuals that can send malicious links and compromised partner accounts calls for advanced email security techniques. By augmenting or replacing traditional email security approaches with more sophisticated capabilities, organizations can detect and mitigate the risk of supply chain attacks.

Want to know how at risk your organization is for Supply Chain Attacks and Vendor Email Compromise?
Try GreatHorn Risk-Free for 30 Days!

email threat assessment icon

Get Your FREE Email Threat Assessment

Learn what advanced threats are currently getting through your existing email security and into your end users’ mailboxes.