Supply Chain Attack

 Supply Chain Attack 

The SolarWinds attacks, which some experts have called the worst series of cybersecurity attacks in history, are a prime example of the damage a supply chain attack can inflict. In 2020, sophisticated attackers believed to have been directed by the Russian intelligence service, compromised SolarWinds software. They embedded it with malware that was then deployed through a product update, giving them backdoor access to all of SolarWinds Orion Platform customers’ networks. Up to 18,000 customers installed updates that left them vulnerable to hackers, including Fortune 500 companies and multiple agencies in the U.S. government. As Tim Brown, vice president of security at SolarWinds, said recently, “it’s really your worst nightmare.”

What you need to know: A supply chain attack is a powerful cyberattack that can breach even the most sophisticated security defenses through legitimate thirdparty vendors. Because vendors need access to sensitive data in order to integrate with their customers’ internal systems, when they are compromised in a cyberattack, often their customers’ data is too. And because vendors store sensitive data for numerous customers, a single supply chain attack gives hackers access to the sensitive data of many organizations, across many industries. The severity of supply chain attacks cannot be overstated. And the recent spate of these attacks suggests this method is now the state actors’ attack du jour.

Comments

Popular posts from this blog

Compromised Credentials

SQL Injection