Security News > 2022 > June > Supply chain attacks will get worse: Microsoft Security Response Center boss

Major supply-chain attacks of recent years - we're talking about SolarWinds, Kaseya and Log4j to name a few - are "Just the tip of the iceberg at this point," according to Aanchal Gupta, who leads Microsoft's Security Response Center.
As the head of MSRC, Gupta has a unique vantage point.
Her view spans all of Microsoft's products and services, as well as visibility across industry partners' software and tools plus customers' environments including government agencies.
"The reason we will have a continuation of these supply chain attacks is our reliance on third party software and open source software is only growing," she said.
Gupta, who previously worked as a developer at Microsoft and Facebook, said she remembers when the news about the Log4j exploit broke.
"When we ship something, or when we consume something, what are the downstream dependencies? It's critical for us to be very well aware of that," and Microsoft maintains a software dependency index, which helped the MSRC respond quickly to Log4j, Gupta noted.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/06/09/microsoft_supply_chain_attacks/
Related news
- Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks (source)
- Microsoft shares workaround for Windows security update issues (source)
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries (source)
- North Korea targets crypto developers via NPM supply chain attack (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (source)
- CrowdStrike Security Report: Generative AI Powers Social Engineering Attacks (source)
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)