Protect your organization from growing software supply chain attacks


Attackers find it hard to resist the lure of software supply chains: they give attackers quick and easy access to a wide range of sensitive information, and thus bigger payouts.

In just one year, between 2020 and 2021, software supply chain attacks increased by more than 300%, and 62% of organizations admit to being impacted by such attacks.

Experts warn that the onslaught will not slow down. In fact, according to Gartner data, 45% of organizations worldwide will have experienced a ransomware attack on their digital supply chains by 2025.

“No one is immune,” said Zack Moore, security product manager at InterVision. “From small businesses to Fortune 100 companies to the highest levels of the US government – everyone has been impacted by supply chain attacks over the past two years.”


Examples galore

The SolarWinds attack and the Log4j vulnerability are two of the most notorious examples of software supply chain attacks in recent memory. Both revealed just how ubiquitous software supply chain attacks can be, and in both cases the full extent of the ramifications has yet to be seen.

"SolarWinds has become the benchmark for digital supply chain risk," said Michael Isbitski, director of cybersecurity strategy at Sysdig.

Nevertheless, he added, Microsoft Exchange is another example that had just as much impact, "but was quickly forgotten." He pointed out that the FBI and Microsoft continue to track ransomware campaigns targeting vulnerable Exchange deployments.

Another example is Kaseya, which was compromised by ransomware actors in mid-2021. As a result, more than 2,000 customers of the IT management software vendor received a compromised version of the product, and between 1,000 and 1,500 customers ultimately had their systems encrypted.

"The immediate damage from an attack like this is immense," Moore said. "However, the long-term consequences are even more dangerous. The total cost of recovery can be huge and take years."

So why do software supply chain attacks continue?

The reason for the continued onslaught, Moore said, is the growing reliance on third-party code (including Log4j).

This makes distributors and suppliers even more vulnerable, and vulnerability is often equated with a higher payout, he explained.

Furthermore, "Ransomware actors are becoming more thorough and using unconventional methods to hit their targets," Moore said.

For example, using appropriate segmentation protocols, ransomware agents target...
