Cybersecurity Awareness Month: Listen up – CYBERSECURITY FIRST!
First one, just before Christmas, was the SolarWinds attack, where criminals who had managed to compromise that software chain were able to subsequently hit people that were already using the software.
In the case of the Kaseya attack, this Kaseya agent was already running on lots of these endpoints, and by compromising higher up the chain, the bad guys are able to issue their malicious commands across all of the machines that were running that particular software.
Loosely speaking, from a software point of view, a supply chain attack simply means that instead of attacking you directly, the crooks just attack someone one or two or three steps up the chain.
Rather than dedicating all that effort into building up your attack weaponry, you could invest that same effort into building up developers with high reputation on some of these open source projects, contributing positively.
You tend to find that they try and initiate an attack, and a good security product will block that attack, but they're still on the network.
Whatever security product you have has to succeed 100% of the time to prevent that particular attack succeeding.
News URL
https://nakedsecurity.sophos.com/2021/10/25/becybersmart-2021-week4/