Supply chain companies contribute or manufacture components and offer services used by final customers in various sectors of activity (industry, commerce, transport, retail trade, finance, etc.). The final customers often receive the elements and results on a just-in-time basis, in order to avoid holding fixed stocks and to optimize their need for working capital. Supply chain companies are generally specialists in a market segment, often high-tech, with unique know-how.
A supply chain company operating OT systems is attacked by a foreign competitor who is trying to steal information from its end customer and to make it lose market share if the information becomes public. Once inside the production line, the attacker implants malicious code in the products being manufactured. The products are shipped and put into production at the final customer’s site. The result is damage to the company’s image, a loss of market confidence, a drop in the share price and a consequential loss of turnover.
A supply chain company that delivers just-in-time to strategic customers within a country receives a malicious file containing ransomware such as Petya, Badrabbit or Wannacry. The email impersonates the finance department or internal communications. Employees open the file, which is executed and encrypts the data on the computers. The company therefore suffers heavy consequences: delivery deadlines are not met and goods are not delivered, causing production stoppages at the final customers.
The exposure area of a large company is properly managed, but some of the partners it subcontracts to are also heavily targeted. A successful and stealthy penetration within this chain gives attackers the possibility of bouncing back to the parent company via intermediate subcontractors. Through transitivity, the harm is done: spying will take place remotely within segments that are supposed to be trusted, and where security rules and surveillance may sometimes be less operational.
With eGambit, the attacker can be detected and stopped before the malicious payload is deployed, and before offensive capabilities and persistence are put in place that would lead to the modification of the production line.
For known threats, our products can detect the binary before it is executed; for unknown threats, they detect it as soon as it is executed, and stop it at the first symptoms.