The ripple effect: Why protection against supply chain attacks is a must

Whether or not it was a state-sponsored venture, this attack proved to be a huge wake-up call and shone a spotlight on software supply chain attacks.
Hence the emergence of one of the key growing attack vectors in 2021: the "Web supply chain attack".
This is the essence of a web supply chain attack - breaching a third-party service provider, injecting malicious code into the actual service and, as a result, spreading it to every website that uses it.
The UK's National Cyber Security Centre offers some useful advice when it comes to assessing supply chain security and assessing supply chain management practice.
It's a useful starting point, but dealing with web supply chain attacks requires an in-depth look at third-party code usage.
The SolarWinds supply chain attack certainly ruffled a lot of important feathers.
News URL
https://www.helpnetsecurity.com/2021/12/01/supply-chain-attacks-protection/
Related news
- Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
- Recent GitHub supply chain attack traced to leaked SpotBugs token
- SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
- That massive GitHub supply chain attack? It all started with a stolen SpotBugs token
- Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack
- Ripple NPM supply chain attack hunts for private keys
- Magento supply chain attack compromises hundreds of e-stores
- Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack
- Supply chain attack hits npm package with 45,000 weekly downloads