Supply Chain Council of European Union | Scceu.org

Software Supply Chain Attacks: Clear and Present Danger

More than a year after the SolarWinds Sunburst attack, most companies are still exposed to software supply chain attacks.

In a study conducted by Argon Security at Aqua Security, it was found that the majority of companies didn’t implement software supply chain security measures and that most organizations are still at risk.

“Unfortunately, most security teams lack the resources, budget and knowledge to deal with supply chain attacks,” said Eran Orzel, head of Argon’s sales and customer teams. “Implementing strong security over the software supply chain takes time and organizations need to prioritize this now to be able to secure their process and application against the next attack wave.”

In the modern world, one of the hottest targets for cyberattacks is the software development supply chain. When attackers launch a supply chain attack, they cast a wide net that can affect thousands of companies in a single attack. These attacks also have a large economic impact on the customer-vendor relationships of targeted companies, which depend on their cloud security vendors and trust the software updates shipped by their software vendors.

Closing the Gaps

The Argon study identified three primary areas of risk affecting software supply chain security posture. Closing these security gaps should be a top priority.

1. Vulnerable Packages: There are two attack vectors that leverage open source packages. The first is exploiting existing vulnerabilities discovered in open source packages and leveraging them to execute the attack. (Example: The recent Log4j cyberattacks.) The second vector, package poisoning, is more proactive; the attacker takes control of a popular package or public repository and injects malicious code into the open source packages. Developers or pipeline tools then add it as part of the application build process. (Example: the ua-parser-js package poisoning.)
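The two vectors above map onto two checks a build pipeline can run before it installs anything: verifying that each fetched artifact still matches the hash pinned in a reviewed lockfile (the control that catches a poisoned package), and comparing pinned versions against an advisory list (the control that catches a known-vulnerable version). The script below is an added illustration, not code from the article or from Argon or Aqua Security; the package names, versions, advisory ranges and artifact bytes are all constructed for the example, and the pin format imitates pip's `--hash=sha256:` requirement lines.

```python
"""Pre-install dependency checks for the two vectors named in the article:
a poisoned artifact (hash no longer matches the reviewed pin) and a
known-vulnerable pinned version (falls inside an advisory's range).
Added example; every name, version, advisory and artifact below is constructed."""
import hashlib
from typing import Dict, List, Tuple

Key = Tuple[str, str]  # (package name, version)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# --- Lockfile generation: done once, from artifacts a human has reviewed ---

def build_lockfile(artifacts: Dict[Key, bytes]) -> str:
    """Render pip-style pins: 'name==version --hash=sha256:<digest>' per line."""
    lines = [f"{name}=={version} --hash=sha256:{sha256_hex(data)}"
             for (name, version), data in sorted(artifacts.items())]
    return "\n".join(lines) + "\n"


def parse_lockfile(text: str) -> Dict[Key, str]:
    """Return {(name, version): expected sha256 hex} from lockfile text."""
    pins: Dict[Key, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        spec, _, digest = line.partition(" --hash=sha256:")
        name, _, version = spec.partition("==")
        if not (name and version and digest):
            raise ValueError(f"malformed pin: {line!r}")
        pins[(name, version)] = digest.strip()
    return pins


# --- Check 1: does what the pipeline fetched match what was reviewed? ---

def verify_artifacts(lockfile: str, fetched: Dict[Key, bytes]) -> List[str]:
    """Return a list of problems; an empty list means every artifact matches its pin."""
    pins = parse_lockfile(lockfile)
    problems: List[str] = []
    for key, expected in pins.items():
        if key not in fetched:
            problems.append(f"{key[0]}=={key[1]}: not fetched")
            continue
        actual = sha256_hex(fetched[key])
        if actual != expected:
            problems.append(f"{key[0]}=={key[1]}: hash mismatch "
                            f"(expected {expected[:12]}..., got {actual[:12]}...)")
    for key in fetched:
        if key not in pins:
            problems.append(f"{key[0]}=={key[1]}: not in lockfile")
    return problems


# --- Check 2: are any pinned versions inside a published advisory range? ---

def parse_version(v: str) -> Tuple[int, ...]:
    """Dotted numeric versions only, which is all the constructed data uses."""
    return tuple(int(part) for part in v.split("."))


def vulnerable_pins(lockfile: str, advisories: List[Tuple[str, str, str]]) -> List[str]:
    """advisories: (name, first vulnerable version, first fixed version)."""
    pins = parse_lockfile(lockfile)
    hits: List[str] = []
    for name, version in pins:
        for adv_name, first_bad, first_fixed in advisories:
            if name == adv_name and \
                    parse_version(first_bad) <= parse_version(version) < parse_version(first_fixed):
                hits.append(f"{name}=={version} (fixed in {first_fixed})")
    return hits


# --- Constructed scenario (hypothetical packages, not real ones) ---

TRUSTED: Dict[Key, bytes] = {
    ("loglib", "2.14.1"): b"def log(msg): print(msg)\n",
    ("agent-parser", "0.7.28"): b"def parse(ua): return ua.split('/')\n",
}
LOCKFILE = build_lockfile(TRUSTED)

# Later fetch of the same version string, but the artifact now carries extra code.
FETCHED_POISONED: Dict[Key, bytes] = dict(TRUSTED)
FETCHED_POISONED[("agent-parser", "0.7.28")] = (
    TRUSTED[("agent-parser", "0.7.28")] + b"# unexpected additional code\n")

# Constructed advisory: loglib 2.0.0 up to (not including) 2.17.1 is affected.
ADVISORIES = [("loglib", "2.0.0", "2.17.1")]

if __name__ == "__main__":
    print("clean fetch:", verify_artifacts(LOCKFILE, dict(TRUSTED)) or "ok")
    print("poisoned fetch:", verify_artifacts(LOCKFILE, FETCHED_POISONED))
    print("advisory hits:", vulnerable_pins(LOCKFILE, ADVISORIES))
```

In a real pipeline the first check is what `pip install --require-hashes -r requirements.txt` does against a hash-pinned requirements file, and the second is the job of a dependency scanner fed by an advisory database; the point of the script is that both checks run against the lockfile, so a version that silently changes content (poisoning) and a version that is unchanged but newly known to be vulnerable (Log4j-style) are caught by different tests.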
