Security News > 2020 > July > Survey of Supply Chain Attacks
The Atlantic Council has released a report that looks at the history of computer supply chain attacks.
Deep Impact from State Actors: There were at least 27 different state attacks against the software supply chain including from Russia, China, North Korea, and Iran as well as India, Egypt, the United States, and Vietnam.
NotPetya, Kingslayer, SimDisk, and ShadowPad.
Abusing Trust in Code Signing: These attacks undermine public key cryptography and certificates used to ensure the integrity of code.
Hijacking Software Updates: 27% of these attacks targeted software updates to insert malicious code against sometimes millions of targets.
Targeting App Stores: 22% of these attacks targeted app stores like the Google Play Store, Apple's App Store, and other third-party app hubs to spread malware to mobile devices.
News URL
https://www.schneier.com/blog/archives/2020/07/survey_of_suppl.html