Service providers

Context

Supply Chain companies contribute or manufacture components and offer services used by final customers in various sectors of activity (industry, commerce, transport, retail trade, finance, etc.). The final customers often receive the elements and results on a just-in-time basis, in order to avoid having fixed stocks and to optimize their need for working capital. The Supply companies are generally specialists in a market segment, often high-tech with a unique know-how.

Types of threats

Case #1 : Strike of a subcontractor by a rival entity

A supply-chain company’s operating OT systems are attacked by a foreign competitor who is trying to steal information from its end customer, making it lose market share if the information becomes public. When the attacker enters the production line, he implements malicious code into the products being manufactured. The products are shipped and put into production at the final customer’s site. This leads to a damage to the company’s image, a loss in market confidence, a drop in the share price and a consequential loss of turnover.

Case #2 : Ransomware attack

A supply-chain company that provides just-in-time services to strategic clients receives a file that contains ransomware, such as Petya, Bad Rabbit or WannaCry. The mail takes over the financial department and internal communication. Collaborators open the file, which is executed and encrypts all computer data. The company suffers serious consequences including delivery deadlines that are not respected and goods that are not delivered, causing chaos for final customers.

Case #3 : Stealth and persistent bounce

The exposure area of a large company is properly managed, but as part of its subcontracting, some of its partners are also over-targeted. Successful and stealthy penetration within this chain offers the possibility for hackers to bounce back to the parent company via intermediate subcontractors. The harm is done, and spying will take place remotely within segments that are supposed to be trusted, and where security rules and surveillance may sometimes be less operational.

TEHTRIS protects the supply chain sector

With the TEHTRIS XDR Platform, the attacker can be detected and stopped before the malicious payload is deployed. They are blocked before implementation of offensive capabilities leading to the modification of the production line.

For known threats, our products can detect the binary before it is executed. For unknown threats, our products are capable of detecting them as soon as they are executed and stop them at their first symptoms.

In addition, the SOC of TEHTRIS offers an expert view of the events that occur on the monitored information systems.