What is a supply chain attack? A supply chain attack refers to an attacker compromising or infiltrating the processes by which software is developed and distributed, in order to implant malicious code or backdoors, or to tamper with information, at some point in the software's life cycle. The essence of this kind of attack is to reach the target by exploiting a weak link in the chain of hardware, software or software dependencies. Because modern software development frequently relies on external libraries, modules, services and so on, supply chain...
Like other hacking incidents, a well-executed software supply chain attack can spread rapidly. The following examples weaponized automatic software updates to infect computers in large and small companies in countries all over the world and highlight how they have evolved over t...
When a supply chain attack is targeting your customers’ financial and personal information, it is predominantly JavaScript being compromised. To combat it, your fraud and security teams need control over the behavior of any third party JavaScript code embedded in your web applications. With continuou...
This is a type of cyber security attack where adversaries slip malicious code or components into a trusted piece of software or hardware. The goal of such an attack is the ability to infiltrate organizations that are down the chain of the affected component. The focus on supply chain attacks in...
A platform called Top.gg that’s used to publish bots for the popular Discord chat app recently had one of its GitHub repositories poisoned with malicious code as part of a larger software supply chain attack. The incident highlights the snowball effect that even one malicious package...
While large-scale attacks or high-profile victims often make the news, the software supply chain style of attack is not exclusively used against large companies. Attackers may also use this method for smaller campaigns — like those targeting development environments — that won’t necessarily make ...
A new open framework has been launched to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the software supply chain. The Open Software Supply Chain Attack Reference (OSC&R) initiative, ...
And this concerning trend shows no signs of stopping. Gartner estimates that 45% of organizations will experience a software supply chain attack by 2025. Why? These attacks are very lucrative for bad actors: the hits they can get from a single weapon aren’t proportional to anything else in the...
Most organizations have limited visibility over their software supply chain. Any third party that is not well secured, and provides software or services to large organizations, is a risk for a supply chain attack. Most commonly, attackers look for the weakest links in a supply chain – for exa...
5. Create a Detailed Response Plan for Potential Supply Chain Attacks Organizations should create a detailed incident response plan in case a supply chain attack succeeds. This plan should outline the steps to take in case of an attack, including identifying the compromised software, isolating affect...