Tag Archives: cyber attack supply chain

Yahoo Breaks Record – For The Biggest Hack in History

The biggest hack in history – it’s certainly not an award to be envious of. But Yahoo broke the record after announcing a major breach from 2013.

It’s been a bad week for embattled internet giant, Yahoo, as the company announced details of a huge cyber security breach from 2013. The hack impacted over one billion accounts, twice as big as the previous largest breach.

Yahoo was also the victim of the previous hack ‘record’, which it announced in September. It means that user data from over 1.5 billion accounts has been stolen from the company between 2013 and 2014.

Both the FBI and the New York Attorney General are investigating the hack. However, the company is likely to suffer as trust in its security and systems falls.

Hack Included US Officials

The first, and largest, of the hacks occurred in August 2013. Yahoo have said that data such as usernames, passwords, phone numbers and security questions were all stolen. The company is taking steps to contact users affected by the hack, asking them to change passwords and security questions.

It’s an embarrassing turn of events for Yahoo, who are already struggling to keep pace in the tech industry. It’s the second hack the company have announced this year. To further their embarrassment, it has come to light that 150,000 of the affected accounts belonged to US Government Officials.

According to a Bloomberg report, the data stolen from the officials in the hack could be a threat to national security. Data could allow cyber criminals to identify officials, target them, and further hack personal and professional accounts.

Organisations affected included:

  • Current and former White House staff;
  • FBI agents;
  • US Congressmen and their aides;
  • Officials at the NSA and CIA;
  • Current and former US diplomats; and
  • Every branch of the US Armed Forces.

Trouble on the Verizon?

The two breaches, and the high-profile nature of the accounts included, come at a bad time for Yahoo. In recent months CEO Marissa Mayer has come under increasing criticism for how the company is performing.

The hacks may also have a major impact on the deal Yahoo currently has to sell its core internet assets to Verizon. The deal, currently estimated to be worth $4.8 billion, has still to be finalised. And while it’s likely to still go ahead, Verizon have already said it will be looking for a lower price.

In October, when the first hack was announced, Verizon stated that it was “reviewing the deal”. It’s unlikely that a second breach will assist Yahoo’s negotiation position much either. With share prices falling 6.5 per cent in Thursday trading last week, the deal valuation is likely to be put back on the table.

However, some experts believe that the deal will still be closed at its original price. The impact of the breaches will not be seen for some time, and certainly not in a way that would show any monetary damage. But at a time when a smooth deal was top of the priority list, Yahoo will need to work very hard to recover consumer confidence.

What Should I Do?

While you will be contacted by Yahoo if you are impacted by the hack, we’ve pulled together some things you can do in the meantime.

  • Log into your e-mail account and change your password

Make it a brand new password, with upper and lower cases, special characters and numbers. No dates of birth!

  • Check accounts the e-mail is linked to

Like most people, you’ll use your e-mail to log into other online accounts. Check all these accounts to make sure there’s no unusual activity. Change your passwords.

Once you’ve done this, check for any password reset requests that you haven’t asked for in your e-mail. Report anything suspicious to the site in question.

  • Check Sent Mail for Spam

Your account might have been used for sending spam mails to your contact list. Do a quick check of your sent mail for this.

  • Two Factor Identification

In light of the increasing number of hacks, sites have begun to introduce two factor identification. This works alongside your password as part of the logging in process. Register for it where you can.

You’re never going to be 100 per cent safe from a hack. But by using strong passwords (different ones for different sites), you can help to minimise the impact and possibility.

While we frantically try to remember all our passwords, we’ve looked out some of the top headlines for this week…

Trump Holds Silicon Valley Tech Summit

  • Silicon Valley tech heavyweights sat down with President-elect Donald Trump for two hours last week.
  • The leaders included Apple’s Tim Cook, Facebook’s Sheryl Sandberg and Amazon’s Jeff Bezos.
  • Topics discussed included vocational education, trade with China, and the need for data analysis technology to detect and reduce government waste.
  • The tech industry and Trump were frequently at loggerheads during the election. Trump also singled out a number of them for criticism on non-US supply chains.

Read more at the New York Times

Amazon in Drone Delivery First

  • Amazon made history last week with its first delivery by a fully-autonomous flying drone.
  • The delivery, containing a TV remote control and a bag of popcorn, was made to a customer in Cambridge, U.K.
  • The delivery took 13 minutes from Amazon’s local warehouse to the customer’s home. Amazon intends to extend the trial to hundreds of users.
  • Packages must weigh five pounds or less and can only be delivered during the day and in clear weather.

Read more at the Wall Street Journal and watch the video here 

Mexican Government Deploys Troops for Shipment Protection

  • As many as 1000 troops have been deployed along rail lines in Mexico to protect automotive cargo from thieves.
  • Thieves have been boarding trains to steal tyres, batteries and other automotive parts.
  • Mazda and General Motors are among the companies that have been impacted by the thefts.
  • American Honda has also been affected, and takes the damage into account when deciding between rail and sea-borne deliveries.

Read more at Automotive Logistics

UK Falling Behind on Timber Requirements

  • The UK faces a future timber shortage thanks to delays in planting of forests.
  • In order to meet Government requirements of a 10-12 per cent increase in woodland areas in England, 11 million trees need to be planted between now and 2020.
  • However, the Chief Executive of Confor has highlighted serious delays due to inefficiencies in the grant system for planting.
  • The highly bureaucratic process means it can take up to three years before permission is granted to plant trees on a large scale.

Read more at Supply Management

US Intelligence to Aid Supply Chains Against Cyber Attacks

A new US Intelligence campaign is set to help supply chains defend themselves against cyber attacks.

As businesses and supply chains grow increasingly global, risk inevitably increases at the same rate. One of the most high-profile risks for supply chains currently is cyber attacks and hacking.

With each passing year, the cyber attacks get bigger. In June, the Democratic National Committee was breached by Russian hackers, and 20,000 e-mails, linked to Hillary Clinton’s Presidential campaign, were posted online.

In March, the Bangladesh Federal Reserve lost $100 million to hackers, with only $20 million recovered so far. Over 4,700 cyber attacks have been reported in the US alone since 2005, impacting hundreds of millions of people.

However, organisations with cross-border supply chains are about to get a helping hand in the fight against cyber attacks.

Cyber Attacks & Vulnerable Supply Chains

The National Counterintelligence and Security Centre will provide sensitive information, including classified threat reports, to companies about the risks of hacking in their supply chains.

The move is part of an effort to increase responsibility and education for organisations for supply chain security. It has previously been highlighted that there is a lack of understanding in US companies that having international suppliers makes supply chains vulnerable to cyber attacks.

“The supply chain threat is one that’s the least talked about but is the easiest to manipulate for all aspects of our daily lives,” said NCSC Director, William Evanina.

Domestic & Foreign Threats

The NCSC campaign will initially focus on supply chains linked to both China and Russia, the alleged sources of previous hacks. However, it will also be aimed at domestic hackers, criminal enterprises, and even disaffected former employees.

The campaign will prioritise telecommunications, energy and financial services corporations first. This is in part due to the nature of the business, but also their strategic importance to US national security.

As well as cyber attacks, the NCSC will also be providing information and advice on so-called “hands on” crimes, such as the stealing of classified information, or the destruction of sensitive equipment.

Procurement Must “Play Full Part”

As part of the efforts to reduce cyber attacks, the key role of procurement has been highlighted. Evanina emphasised that procurement need to be fully integrated with other areas of the organisation to help mitigate risk.

He highlighted the role of ongoing due diligence to support initial investment in cyber security software and programmes. This would be carried out by procurement, but in partnership with the other areas of the business.

Evanina expands on the role of procurement in this video. He states that research into suppliers, and their own supply chains is critical in mitigating the risk.

Wider World

Although the work to be carried out as part of the campaign is primarily aimed at US companies, the applicability is there for all global supply chains.

Many US-based companies will purchase goods from overseas suppliers, and at the same time there will be companies purchasing from US suppliers. The inter-connected nature of the supply chain, as well as increased connectivity across technological platforms, increases the risk to organisations.

Carrying out due diligence on suppliers, knowing the full supply chain, and, perhaps most importantly, ensuring procurement plays a full part in organisational security, is a way to help mitigate this risk.

Will your organisation be taking advantage of the advice from the NCSC? Will you be impacted by any changes that take place? Let us know in the comments below.

Want to know what’s happening in the world of procurement and supply chain? Well, we’ve picked out the key headlines from the past week to keep you up to date…

Verisk Maplecroft Releases Modern Slavery Index
  • Global Risk Analysts, Verisk Maplecroft, have released their latest supply chain modern slavery index.
  • According to the Index, modern slavery constitutes a ‘high’ or ‘extreme risk’ in 115 countries worldwide.
  • Major exporters China and India fall again into the extreme risk category. The UK is one of only four countries seen as ‘low risk’.
  • The report notes that most countries have some form of anti-slavery legislation or framework in place, but lack the resources to enforce these laws.

Read more at Forbes

African Countries Ban Secondhand Clothing Imports
  • A ban on imports of secondhand clothing is to be implemented by the Governments of the East African Community.
  • The group, including Kenya, Tanzania, and Uganda, proposed the ban in order to stimulate the apparel industry in their countries.
  • It is hoped that the measure will also create jobs and bolster the countries’ economies.
  • The rise of ‘fast fashion’ has led to a dramatic increase in the region’s secondhand clothing imports over the past decade.

Read more at Sustainable Brands

Scotland Launches Brexit Stimulus Fund
  • The Scottish Government has announced plans to create a stimulus fund following the UK’s decision to leave the EU.
  • The fund will add an additional £100 million to capital spending to support Scottish businesses.
  • Funds will be allocated to projects based on jobs creation and impact on the overall supply chain.
  • The Government also announced the creation of a Business Information Service to support businesses affected by the vote.

Read more at Supply Management

Shipping Industry Struggles Continue
  • As the results for the first half of 2016 are released, the struggles in the shipping industry look set to continue.
  • Hapag-Lloyd and Orient Overseas have both reported first half losses for 2016, with Maersk expected to do likewise this week.
  • Decreasing freight rates and over capacity have been blamed for the current plight in the industry.
  • Hapag-Lloyd plans on acquiring United Arab Shipping Co., a deal that could deliver $400 million in savings annually.

Read more at the Wall Street Journal

Is shipping & the supply chain the ‘next playground for hackers’?

The International Maritime Bureau (IMB) is warning the maritime sector to be extra vigilant in light of increasing attacks from cyber criminals.

For a bureau that has traditionally focussed its efforts on fighting piracy and armed robbery at sea, this new digital threat puts an entirely different menace in its crosshairs.

The IMB has been quoted as saying, “Recent events have shown that systems managing the movement of goods need to be strengthened against the threat of cyber-attacks.

“It is vital that lessons learnt from other industrial sectors are applied quickly to close down cyber vulnerabilities in shipping and the supply chain.”

This is cause for concern for the maritime industry especially as ships, containers and rigs are all connected to computer networks. If hackers find but one weakness, it can expose the entire network and make it open to exploitation on a grand scale.

Various cyber security experts have sounded off on this very subject during the past few months, and the media has been quick to pick up on it. Reuters reported that a floating oil rig was compromised by hackers who tilted it onto its side. The rig was out of action for an entire 19 days while harmful malware was removed from computer systems.

In Antwerp hackers gained access to port-side computers that enabled them to target specific containers, before making off with the booty and wiping away any telltale digital fingerprints.

The latest warning from the IMB quotes Mike Yarwood – TT Club’s insurance claims expert, speaking at the TOC Container Supply Chain Europe Conference in London. “We see incidents which at first appear to be a petty break-in at office facilities. The damage appears minimal – nothing is physically removed.”

Mike continues: “More thorough post incident investigations however reveal that the ‘thieves’ were actually installing spyware within the operator’s IT network.”

In scenarios similar to the incident in Antwerp, hackers tend to track individual containers through the supply chain to their destination port. Along the way the IT systems related to the cargo are infiltrated, resulting in the hackers either gaining entry to (or generating release codes for) specific containers.

The International Maritime Bureau is a specialized department of the International Chamber of Commerce.