How legitimate websites are used to spread ransomware

Supply chain attacks surged in 2021, as cybercriminals continued to find new ways to exploit the digital networks of the world. The rapid shift to hybrid work and school, the increase in smart devices, and the urgent expansion of health sector and vaccine networks created new opportunities for hacking gangs. Ransomware-as-a-service and advances in malware and ransomware capabilities have also made it easier for new criminals to launch sophisticated attacks.

Bringing these new opportunities and capabilities to bear on a single supply chain entity can result in a disproportionate amount of damage. The threat actors behind the 2020 SolarWinds attack appear to have been interested in fewer than 100 targets, but the nature of their attack made it possible to breach as many as 18,000 SolarWinds customers. Those companies represent thousands of innocent victims that were just caught in the crosshairs of attackers going after specific targets.

Supply chain attacks and thinking beyond the OWASP Top 10

There are many different types of supply chain attacks across multiple threat vectors. Brett Wolmarans has published a detailed explanation of how a legitimate website can be used in a ransomware attack. The example he provides shows why it's so important to understand the shared responsibility model of cloud security and why it's necessary to think beyond the OWASP Top 10 when securing a website.

You can read Brett's post on the AWS Partner Blog: Anatomy of a Supply Chain Ransomware Attack and How to Prevent It with Barracuda’s CloudGen WAF on AWS.

Brett has also created several blog posts and videos on application security. Here are some of our favorites:

For more from Brett, connect with him on LinkedIn.
