Survey of Supply Chain Attacks (July 2020)

The Atlantic Council has released a report that looks at the history of computer supply chain attacks.
Deep Impact from State Actors: There were at least 27 different state attacks against the software supply chain including from Russia, China, North Korea, and Iran as well as India, Egypt, the United States, and Vietnam.
NotPetya, Kingslayer, SimDisk, and ShadowPad.
Abusing Trust in Code Signing: These attacks undermine public key cryptography and certificates used to ensure the integrity of code.
Hijacking Software Updates: 27% of these attacks targeted software updates to insert malicious code against sometimes millions of targets.
Targeting App Stores: 22% of these attacks targeted app stores like the Google Play Store, Apple's App Store, and other third-party app hubs to spread malware to mobile devices.
News URL
https://www.schneier.com/blog/archives/2020/07/survey_of_suppl.html