Ransomware attacks on colleges in Tennessee and Louisiana over the past two months have been swift and efficient. At least two colleges in Tennessee and at least five universities in Louisiana were hit with ransomware that have disrupted daily life on their campuses. Trends of attacks like this highlight the significant risk supply chain attacks pose.
A supply chain attack targets links in the supply chain to exploit them and the companies relying on them. It is easy to come up with examples of these kinds of attacks being used by state actors, as in SolarWinds, but it is important to remember that ransomware groups use them as well.
This means that even industries that are not traditionally targeted by state actors must prioritize asset and network visibility. While retailers or the primary education sector may not be a high priority state target, they are certainly targets for ransomware groups and should be paying attention to this attack vector.