Reflecting on REvil and the implications for supply chain risk management


The world is potentially waking up as a safer place this Monday, as media reports filter in of the arrest over the weekend of the prolific cyber extortionist gang REvil. The arrest of a cybercriminal group is not particularly newsworthy; however, the REvil arrest is exceptional for a number of reasons, most specifically because it occurred on Russian soil, was enacted by Russian law enforcement and, most strikingly, was triggered by US intelligence.

This rare moment of cooperation is a momentous occasion for the cyber world and a surprising development, given the Russian authorities’ historical inaction towards cyber criminals who are active within Russian territory but confine their targeting to Western victims.

REvil are somewhat of a poster child for cyber extortion gangs, having historically netted millions of dollars in ransom payments as well as achieving some historically significant attacks such as the compromise and shutdown of Colonial Pipeline in the United States in 2021. Although effectively going offline after the Colonial Pipeline attack, REvil have occasionally resurfaced and been linked to other successor groups such as the BlackMatter gang. In a time when people were fighting a pandemic, this gang used the opportunity to cause additional suffering.

REvil’s Impact on the Supply Chain

With a modus operandi of deliberately targeting third parties within an organisation’s wider supply chain, groups such as REvil have widened their impact significantly over the past two years, as the vulnerabilities of our highly interconnected society become apparent. The impact of supply chain targeting can be seen in case studies as diverse as the JBS S.A. attack by REvil in 2021, which caused a shutdown of all the company’s U.S. beef plants and disrupted operations at its poultry and pork plants[1]. Outside of the farming/logistics sector, the attack on Kaseya VRM, an organisation active in the software manufacturing sector, highlights how groups like REvil have an impact across multiple sectors and their attached supply chains.

Cyber Extortion post REvil

REvil may be gone, but this isn’t the end of ransomware or cyber-attacks on third parties. Unfortunately, the departure of REvil has merely created a gap for a new generation of cyber criminals to fill. With cyber extortion being a multi-billion-pound industry, there will always be those looking to step into the shoes of historical cyber criminals.

Given the dependence of businesses on third-party suppliers, there will be a natural increase in the attack surface of the business. And as the reliance on third parties is likely to increase, so is the risk to the business. As with every other area of business risk, there are things businesses can put in place to minimise risk. Within this context, we recommend that every organisation consider using our automated Third-Party Risk Management (TPRM) software, Horizon, to give businesses an understanding of their suppliers’ risk and cyber posture.


This continuous monitoring of your third parties will quickly help identify potential areas for cyber criminals to exploit and prevent you becoming a victim of a group similar to REvil.

[1] https://www.theverge.com/2021/6/1/22463621/jbs-cyberattack-russia-largest-meat-supplier

 

Darkbeam
