Survey of Supply Chain Attacks
The Atlantic Council has released a report that looks at the history of computer supply chain attacks.
Deep Impact from State Actors: There were at least 27 different state attacks against the software supply chain including from Russia, China, North Korea, and Iran as well as India, Egypt, the United States, and Vietnam.
NotPetya, Kingslayer, SimDisk, and ShadowPad.
Abusing Trust in Code Signing: These attacks undermine public key cryptography and certificates used to ensure the integrity of code.
Hijacking Software Updates: 27% of these attacks targeted software updates to insert malicious code against sometimes millions of targets.
Targeting App Stores: 22% of these attacks targeted app stores like the Google Play Store, Apple's App Store, and other third-party app hubs to spread malware to mobile devices.
News URL
https://www.schneier.com/blog/archives/2020/07/survey_of_suppl.html