
Sysadmins: Why not simply verify there's no backdoor in every program you install, and thus avoid any cyber-drama?
2021-07-31 07:14

Half of publicly reported supply chain attacks were carried out by "well known APT groups", according to an analysis by EU infosec agency ENISA, which warned such digital assaults need to drive "new protective methods."

Juhan Lepassaar, ENISA's exec director, said in a canned statement: "Due to the cascading effect of supply chain attacks, threat actors can cause widespread damage affecting businesses and their customers all at once. With good practices and coordinated actions at EU level, Member States will be able to reach a similar level of capabilities raising the common level of cybersecurity in the EU."

"An additional characteristic of supply chain attacks involves the complexity in handling them and the efforts required to mitigate and address such attacks," said ENISA in its report.

To the best of our knowledge, all we really know is that, according to Kaseya, "The attackers were able to exploit zero-day vulnerabilities in the VSA product to bypass authentication and run arbitrary command execution. This allowed the attackers to leverage the standard VSA product functionality to deploy ransomware to endpoints."

ENISA, which is soon to be dragged from its Greek home - split between capital Athens and the sunny island of Heraklion - to the grey towers of Brussels, also proposed its own unique taxonomy for analyzing supply chain attacks.

"In order to compromise the targeted customers, attackers focused on the suppliers' code in about 66 per cent of the reported incidents," noted ENISA. "This shows that organisations should focus their efforts on validating third-party code and software before using them to ensure these were not tampered with or manipulated."


News URL

https://go.theregister.com/feed/www.theregister.com/2021/07/31/enisa_supply_chain_attack_report/