Cyberattacks pose security risks for all companies

Baar,

Chain IQ, a global leader in indirect procurement services, was the target of a cyberattack alongside 19 other companies. This was an advanced ransomware attack involving the use of new attacker tools that had never before been observed. This incident signifies an increased security risk for all companies.

Chain IQ, a global leader in indirect procurement services, was the target of a cyberattack alongside 19 other companies. This was an advanced ransomware attack involving the use of new attacker tools that had never before been observed. This incident signifies an increased security risk for all companies.

Last week, Chain IQ was the target of a cyberattack, alongside 19 other organizations. The attack resulted in data theft, with procurement-related information from some Chain IQ clients being published on the dark web.

Immediately upon the data’s publication, all relevant systems were reviewed, secured, and protective measures were strengthened. Chain IQ is working closely with its IT infrastructure and cybersecurity outsourcing partners, InfoGuard and Kyndryl.

Both companies are global leaders in their fields and operate according to the highest security standards. Law enforcement authorities were promptly involved. The breach was contained within 8 hours and 45 minutes by cutting off the attackers’ access to the affected environment.

According to InfoGuard, there is strong evidence suggesting that more companies will be confronted with similarly well-camouflaged tools in future ransomware incidents. This view is shared by security expert Marc Ruef from Scip: «The question is not if, but when such an attack will happen.»

The attack was, in several respects, uncharacteristic of typical ransomware operations and employed techniques not previously observed globally:

• First, the criminals used a previously unknown and specialized piece of software. After the initial breach, this software helped the attackers move through the company’s systems. It was also cleverly hardened against detection by security solutions. Additionally, the attackers placed great emphasis on destroying the software after the attack. Despite these measures taken by the attackers, it was ultimately restored and analyzed.
• Second, the attackers’ behavior was a typical in that they waited approximately 30 days between the core stages of the attack and the public disclosure of the incident—almost exactly the time frame after which security solution data becomes less accessible.

• Third, the attackers also modified a security system in order to erase their tracks.

In the spirit of better prevention, Chain IQ is in active communication with its clients regarding these novel ransomware attacks. Cybersecurity specialists from InfoGuard are also available to support other interested companies and organizations.

The website www.ransomware.live provide ongoing documentation of victims of cyberattacks.

* * *

Information/Contact:

Chain IQ Group, Corporate Communications, media@chainiq.com

This media release is also available at chainiq.com/media-releases

About Chain IQ

Chain IQ is a leading global independent indirect procurement service company providing strategic, tactical and operational procurement services for its clients. Chain IQ operates from 6 main centers and 14 offices around the world – headquartered in Switzerland with hubs in Zurich, New York, London, Singapore, Mumbai and Bucharest to service more than 49 countries (including Germany, Poland, China, Hong Kong, Japan and Australia) and over 60 clients. Chain IQ’s growing team of 650+ experts is known for generating significant value via 3rd party spend management through volume bundling from its global clients, digitalization of procurement processes as well as achieving latest ESG standards.