There is More to Supply Chain Attacks Beyond SolarWinds

The recent attack on SolarWinds has highlighted how dangerous supply chain threats can be. However, besides this mega-breach, there have been several other notable attacks that have occurred across the globe.

Quick analysis

In the last two months, several supply-chain attacks have been reported, in which attackers had targeted third-party vendors working for the victim organization. In such attacks, threat actors usually abuse trust in code signing, hijack software updates, poison open-source code, and target app stores.


SolarWinds - not just any attack

  • SolarWinds supply chain attack is believed to have compromised more than 250 government agencies and businesses. Several high-profile organizations including U.S. agencies and IT giants have been impacted.
  • The attack targeted well-known tech firms such as Microsoft, CrowdStrike, VMware, and most recently, Mimecast.
  • In addition, the attack targeted the U.S. State Department, Commerce Department, DHS, and the National Institute of Health.

Conclusion

Software supply chain attacks are being actively used by threat actors, and these attacks are expected to further increase in the coming future. Thus, experts suggest assessing and understanding supplier networks, knowing the risks associated with third-party partners, and including supply chain in response and remediation plan.

Cyware Publisher

Publisher

Cyware