Software supply chain attacks infamously made it to mainstream media back in December 2020 due to the now well-known SolarWinds attack which infected close to 18,000 businesses including 425 of the Fortune 500. But since then, these attacks have only continued to rise. In fact, 2021 saw Software Supply Chain Attacks increase by approximately 650% and due to their ‘success’ it likely this trend will continue moving into 2022.
So, what are Software Supply Chain Attacks?
Software Supply chain attacks vary in the techniques used but ultimately target software suppliers and developers with the aim to infect legitimate applications which are later downloaded by the many users after its distribution. These are becoming popular with cybercriminals because as enterprise software is becoming more sophisticated, it increases the number of attack vectors within the software as the malicious code can be inserted at many points in the building, distribution and updating stages. The fact that the infected software is then distributed for them by what appears to be a trusted source only makes it easier for there attack to be a hit. At this stage, many organisations aren’t in the best position to not only prevent these attacks, but even detect and then mitigate the threat.
What can we do in 2022?
The most obvious way to limit the threat these attacks pose would be to properly invest in effective next generation cybersecurity software with a proven track record of avoiding, catching, and mitigating the risks of advanced cyber attacks. If this can then be coupled with an inhouse or outsourced/managed SOC solution with a team of analysts and/or ‘red teams’, you will be better equipped to identify and deal with these types of attacks. Furthermore, if the business can work towards a more ‘zero trust’ or alternatively known ‘least privileged’ model, this will greatly decrease the chance of lost/stolen credentials being as effective and will limit the ability for any maliciousness to spread.
Contact us to find out how we can help limit the threat of Software supply chain attacks.