Cybersecurity Awareness Month: Listen up – CYBERSECURITY FIRST!
First one, just before Christmas, was the SolarWinds attack, where criminals who had managed to compromise that software chain were able to subsequently hit people that were already using the software.
In the case of the Kaseya attack, this Kaseya agent was already running on lots of these endpoints, and by compromising higher up the chain, the bad guys are able to issue their malicious commands across all of the machines that were running that particular software.
Loosely speaking, from a software point of view, a supply chain attack simply means that instead of attacking you directly, the crooks just attack someone one or two or three steps up the chain.
Rather than dedicating all that effort into building up your attack weaponry, you could invest that same effort into building up developers with high reputation on some of these open source projects, contributing positively.
You tend to find that they try and initiate an attack, and a good security product will block that attack, but they're still on the network.
Whatever security product you have has to succeed 100% of the time to prevent that particular attack succeeding.
News URL
https://nakedsecurity.sophos.com/2021/10/25/becybersmart-2021-week4/