Security News > 2020 > July > Survey of Supply Chain Attacks
The Atlantic Council has a released a report that looks at the history of computer supply chain attacks.
Deep Impact from State Actors: There were at least 27 different state attacks against the software supply chain including from Russia, China, North Korea, and Iran as well as India, Egypt, the United States, and Vietnam.
NotPetya, Kingslayer, SimDisk, and ShadowPad. Abusing Trust in Code Signing: These attacks undermine public key cryptography and certificates used to ensure the integrity of code.
Hijacking Software Updates: 27% of these attacks targeted software updates to insert malicious code against sometimes millions of targets.
Targeting App Stores: 22% of these attacks targeted app stores like the Google Play Store, Apple's App Store, and other third-party app hubs to spread malware to mobile devices.
News URL
https://www.schneier.com/blog/archives/2020/07/survey_of_suppl.html
Related news
- Blue Yonder ransomware attack disrupts grocery store supply chain (source)
- OpenWrt orders router firmware updates after supply chain attack scare (source)
- Update your OpenWrt router! Security issue made supply chain attack possible (source)
- Ultralytics Supply-Chain Attack (source)
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)
- It's only a matter of time before LLMs jump start supply-chain attacks (source)