Supply chain attacks will get worse: Microsoft Security Response Center boss
Major supply-chain attacks of recent years (SolarWinds, Kaseya and Log4j, to name a few) are "just the tip of the iceberg at this point," according to Aanchal Gupta, who leads Microsoft's Security Response Center.
As the head of MSRC, Gupta has a unique vantage point.
Her view spans all of Microsoft's products and services, and she has visibility across industry partners' software and tools as well as customers' environments, including government agencies.
"The reason we will have a continuation of these supply chain attacks is our reliance on third party software and open source software is only growing," she said.
Gupta, who previously worked as a developer at Microsoft and Facebook, said she remembers when the news about the Log4j exploit broke.
"When we ship something, or when we consume something, what are the downstream dependencies? It's critical for us to be very well aware of that," she said. Microsoft maintains a software dependency index, which helped the MSRC respond quickly to Log4j, Gupta noted.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/06/09/microsoft_supply_chain_attacks/