The recent attack on SolarWinds has highlighted how dangerous supply chain threats can be. However, besides this mega-breach, there have been several other notable attacks that have occurred across the globe.
In the last two months, several supply-chain attacks have been reported, in which attackers had targeted third-party vendors working for the victim organization. In such attacks, threat actors usually abuse trust in code signing, hijack software updates, poison open-source code, and target app stores.
SolarWinds supply chain attack is believed to have compromised more than 250 government agencies and businesses. Several high-profile organizations including U.S. agencies and IT giants have been impacted.
In addition, the attack targeted the U.S. State Department, Commerce Department, DHS, and the National Institute of Health.
Software supply chain attacks are being actively used by threat actors, and these attacks are expected to further increase in the coming future. Thus, experts suggest assessing and understanding supplier networks, knowing the risks associated with third-party partners, and including supply chain in response and remediation plan.