Security News > 2020 > July > Survey of Supply Chain Attacks
The Atlantic Council has a released a report that looks at the history of computer supply chain attacks.
Deep Impact from State Actors: There were at least 27 different state attacks against the software supply chain including from Russia, China, North Korea, and Iran as well as India, Egypt, the United States, and Vietnam.
NotPetya, Kingslayer, SimDisk, and ShadowPad. Abusing Trust in Code Signing: These attacks undermine public key cryptography and certificates used to ensure the integrity of code.
Hijacking Software Updates: 27% of these attacks targeted software updates to insert malicious code against sometimes millions of targets.
Targeting App Stores: 22% of these attacks targeted app stores like the Google Play Store, Apple's App Store, and other third-party app hubs to spread malware to mobile devices.
News URL
https://www.schneier.com/blog/archives/2020/07/survey_of_suppl.html
Related news
- PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- Supply chain attack hits Chrome extensions, could expose millions (source)
- Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant' (source)
- North Korea targets crypto developers via NPM supply chain attack (source)
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (source)
- China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access (source)