Supply chain attacks will get worse: Microsoft Security Response Center boss

Major supply-chain attacks of recent years - we're talking about SolarWinds, Kaseya and Log4j to name a few - are "just the tip of the iceberg at this point," according to Aanchal Gupta, who leads Microsoft's Security Response Center.
As the head of MSRC, Gupta has a unique vantage point.
Her view spans all of Microsoft's products and services, as well as visibility across industry partners' software and tools plus customers' environments including government agencies.
"The reason we will have a continuation of these supply chain attacks is our reliance on third party software and open source software is only growing," she said.
Gupta, who previously worked as a developer at Microsoft and Facebook, said she remembers when the news about the Log4j exploit broke.
"When we ship something, or when we consume something, what are the downstream dependencies? It's critical for us to be very well aware of that," Gupta said, noting that Microsoft maintains a software dependency index, which helped the MSRC respond quickly to Log4j.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/06/09/microsoft_supply_chain_attacks/