Password reuse main cause of supply chain attacks

Another established hacking group, FIN7, has begun to attack supply chain software through reused passwords, according to recent research. FIN7 gained notoriety in the 2010s for attack point of sale devices with credit card stealing malware. However, they have now begun to target the supply chain – following the pattern set by many other hacking groups. This shows that FIN7 may now be prioritising ransomware as their main source of monetisation. The research revealed that FIN7’s main method of entry into systems was targeting password reuse, logging into an employee’s account once they had obtained the reused password. Once inside the system, they were then able to carry out their new attacks.