SSDF: The Key to Defending Against Supply Chain Cyberattacks


For reasons we all know, software supply chain attacks took on new meaning near the end of 2020. That hasn’t changed this year. One of the best modern ways to combat these cyberattacks is to integrate a secure software development framework (SSDF) into a vendor’s software development life cycle (SDLC). Why is this such an important way to prevent software supply chain attacks? And how can you put it in place?


Recent Cyberattacks Show Attackers’ Tactics


To illustrate, the following three supply chain attacks made headlines in the first half of the year.


Throughout December 2020 and January 2021, a firewall vendor released a patch for four vulnerabilities affecting its file transfer application. The new year began with dozens of businesses and government entities announcing they had suffered a breach as a result of the software flaws. Wired reported that many of those incidents involved extortion at the hands of the Clop ransomware gang.


Other attackers struck with four zero-day flaws in an email server product. The software developer released patches to address the flaws on March 2 — after a “highly skilled and sophisticated actor” had begun exploiting them as part of a series of attack campaigns. The fixes didn’t prevent other threat actors from seizing on the weaknesses and spreading more malware strains.


In June, researchers uncovered software supply chain cyberattacks involving an Android emulator for PCs and Macs. Threat actors compromised the update mechanism and used it to di ..