One Article Review

The article:
Source AlienVault Lab Blog
Identifier 5659440
Publication date 2022-07-11 10:00:00 (seen: 2022-07-11 10:06:39)
Title 5 Common blind spots that make you vulnerable to supply chain attacks
Text This blog was written by an independent guest blogger.

Over the past several years, hackers have gone from targeting only companies to also targeting their supply chain. One area of particular vulnerability is company software supply chains, which are becoming an increasingly common method of gaining access to valuable business information. A study by Gartner predicted that by 2025, 45% of companies will have experienced a supply chain attack.

Supply chain attacks can come in various ways, whether through malicious code injected into enterprise software or through vulnerabilities in software your company uses. To mitigate this risk, companies must learn about the methods used to execute attacks and understand their company’s blind spots.

This article will look at 5 recent software supply chain attacks and how third-party partners can pose a security risk to your company. We’ll make recommendations for how to secure your business against supply chain attacks and how you can engage in early detection to respond to threats before they take down your enterprise.

What is a software supply chain attack?

The US Cybersecurity and Infrastructure Security Agency (CISA) defines a software supply chain attack as an attack that “occurs when a cyber threat actor infiltrates a software vendor’s network and employs malicious code to compromise the software before the vendor sends it to their customers. The compromised software then compromises the customer’s data or system.”

A software supply chain includes any company you purchase software from and any open-source software and public repositories from which your developers pull code. It also includes any service organizations that have access to your data. In the aggregate, all of these different suppliers exponentially increase the surface area of a potential attack.

Software supply chain attacks are particularly dangerous because the software supply chain acts as an amplifier for hackers. This means that when one vendor is impacted, hackers can potentially reach any of their customers, giving them greater reach than if they attacked a single target corporation.

Two primary reasons contribute to the danger, according to CISA: third-party software products usually require privileged access; and they often require frequent communication between the vendor’s own network and the vendor’s software on customer networks.

Attackers leverage privileged access and a privileged network access channel as their first point of access. Depending on the level of available access, attackers can easily target many devices and levels of an organization. Some industries, like healthcare, are particularly vulnerable because they possess huge volumes of patient data subject to strict compliance regulations and laws.

Five major supply chain attacks

In recent memory, software supply chain attacks have gathered increased attention from the public because of how damaging they can be to a company and its reputation. The Log4j vulnerability, for example, demonstrated just how vulnerable companies that rely on third-party software can be. Other high-profile attacks like the SolarWinds SUNBURST attack and Kaseya VSA (REvil) attack also provided painful reminders of how damaging supply chain attacks can be.

The SolarWinds SUNBURST backdoor

On December 13th, 2020, the SUNBURST backdoor was first disclosed. The attack utilized the popular SolarWinds Orion IT monitorin
Notes
Sent Yes
Tags Ransomware Data Breach Vulnerability Threat Patching
Stories Solardwinds


The article does not appear to have been picked up after its publication.


The article does not appear to be a pickup of an earlier one.