Supply Chain companies contribute or manufacture components and offer services used by final customers in various sectors of activity (industry, commerce, transport, retail trade, finance, etc.). The final customers often receive the elements and results on a just-in-time basis, in order to avoid having fixed stocks and to optimize their need for working capital. The Supply companies are generally specialists in a market segment, often high-tech with a unique know-how.
A supply-chain company’s operating OT systems are attacked by a foreign competitor who is trying to steal information from its end customer, making it lose market share if the information becomes public. When the attacker enters the production line, he implements malicious code into the products being manufactured. The products are shipped and put into production at the final customer’s site. This leads to a damage to the company’s image, a loss in market confidence, a drop in the share price and a consequential loss of turnover.
A supply-chain company that provides to customers just-in-time receives a file that contains ransomware, such as Petya, Bad Rabbit or WannaCry. The mail takes over the financial department and internal communication. Collaborators open the file, which is executed and encrypts all computer data. The company suffers serious consequences including delivery deadlines that are not respected and goods that are not delivered causing chaos for final customers.
The exposure area of a large company is properly managed, but as part of its subcontracting, some of its partners are also over-targeted. Successful and stealthy penetration within this chain offers the possibility for hackers to bounce back to the parent company via intermediate subcontractors. The harm is done, and spying will take place remotely within segments that are supposed to be trusted, and where security rules and surveillance may sometimes be less operational.
With the TEHTRIS XDR Platform, the attacker can be detected and stopped before the malicious payload is deployed. They are blocked before implementation of offensive capabilities leading to the modification of the production line.
For known threats, our products can detect the binary before it is executed. For unknown threats, our products are capable of detecting them as soon as they are executed and stop them at their first symptoms.