Nearly 10% of SMB Defense Contractors Show Evidence of Compromise
According to a new report released by Cybersecurity vendor BlueVoyant, more than half of SMB contractors in the US defense supply chain are critically vulnerable to ransomware attacks. BlueVoyant analyzed a sample of 300 smaller contractors from a defense industrial base estimated to have roughly 100,000-300,000 suppliers. The investigation showed signs of weaknesses in the ecosystem of contractors that could put national security at risk. The Defense Industry Supply Chain and Security 2021 review found that over half of the companies assessed had unsecured ports that were vulnerable to ransomware attacks.
Additionally, 48% had vulnerable ports alongside other weaknesses, including unsecured data storage ports, out-of-date software and operating systems, and other vulnerabilities rated as severe by NIST. More than six months after critical F5 and Microsoft Exchange vulnerabilities were released, nine of the companies were yet to fix them. One-fifth of the surveyed contractors were found by BlueVoyant to have multiple vulnerabilities and evidence of targeting, while 7% also had evidence of compromise. In total, among the contractors, BlueVoyant found over 13000 email security issues, 400 vulnerabilities, and 344 indications that suggested that company resources were involved in anomalous activity.