Over the last 12 months, supply chain attacks have grown four-fold, with threat actors focusing their efforts on three main vectors: (i) finding and exploiting flaws in software, services, and dependencies; (ii) using backdoored open-source software code to distribute malware; and (iii) poisoning binary artifact repositories.
But what is driving the rapid explosion of supply chain attacks?
Supply chain attacks offer threat actors stealthy, scalable, and privileged access to any organization’s on-premises, cloud, or
Stealthy, because components of a software supply chain attack can often bypass traditional security controls using
privileged access, application exclusions, and zero-day exploits.
Scalable, because poisoning a supply chain vendor can affect numerous downstream customers.
Privileged, because customers of supply chain vendors often rely on the vendor’s management software for their
business operations. Zero-day exploits in those management software platforms can easily allow untrusted code
to be executed from a trusted source.