What types of attacks have we seen in recent months?
The most common types of supply chain attacks cover three areas: software, devices, and people. Allow me to elaborate on these three areas…
Software security
As more and more supply chains rely on software, attackers can breach code repositories to which they add malicious code or disrupt operations. Once that happens, misconfigured systems or vulnerabilities are exploited and systems are disrupted, which are used to compromise services and operations. These attacks affect the services provided by the supplier and, in turn, anyone else that depends on those services for their business operations.
Attacks via connected devices
At any point in a supply chain in which there is a connection between devices or networks, one can find the opportunity to exploit a device that connects to the network to plant malware. Devices can include servers, desktops, HVAC systems, power, security, network-connected CCTV systems and so on. When users connect to a network, they generally do so with a wide range of devices, including laptops, phones, tablets, USB keys, etc. which, in turn, may carry malicious payloads that can spread to any…