Articles about supply chain attacks

New analysis of recent high-profile breaches and global threat patterns, reveals a cybersecurity landscape dominated by AI-enhanced attacks, organized cybercrime, and rapid exploitation of zero-day vulnerabilities.

The research, from compliance automation platform Secureframe, shows critical infrastructure, healthcare, and financial services have become primary targets as threat actors evolve faster than traditional defenses.

Continue reading →

Increased use of open source and third-party code leaves organizations open to more attacks on the software supply chain.

Open source vulnerabilities have become a prime target for attackers and organizations need to strengthen their defenses. We spoke to Richard Clark, senior solutions architect at JFrog, to discuss the importance of proactive measures in protecting against these threats.

Continue reading →

New research from Orange Cyberdefense shows that 58 percent of large UK financial services firms suffered at least one third-party supply chain attack in 2024, with 23 percent being targeted three or more times.

The research suggests that firms must re-evaluate how they assess third-party risk. 44 percent of FS institutions only assess third-party risk during the initial supplier onboarding stage, while a similar proportion (41 percent) perform periodic risk assessments. Crucially, just 14 percent follow the gold standard of continuously assessing risk and using dedicated third-party risk management tools.

Continue reading →

Software supply chain attacks have increasingly made the headlines in recent years. They occur when attackers change the code in third-party software components in order to compromise the applications using them.

These attacks can be used to steal data, corrupt systems or move laterally through networks. We spoke to Ansh Patnaik, chief product officer at CyCognito, to learn more about this type of attack and how to combat it.

Continue reading →

According to Gartner, 60 percent of organizations work with over 1,000 third parties, and a new report shows many of these supply misconfigured or vulnerable hardware and software, putting customers at risk.

The study from CyCognito finds web server environments, including platforms like Apache, NGINX, Microsoft IIS, and Google Web Server, were the host of 34 percent of all severe issues across surveyed assets. They accounted for more severe issues than 54 other environments combined (out of 60 environments surveyed),

Continue reading →

We are living in a time when siloed businesses are increasingly rare. Supply chains are the lifeblood of modern organizations, enabling the seamless flow of goods, services, and information. This interconnected network creates a trade ecosystem vital to the survival of both businesses and consumers. 

So, understandably, when a cyberattack disrupts this critical process, the immediate response is often panic-driven -- focusing solely on getting operations back online as quickly as possible. While restoring functionality is essential, this approach frequently overlooks a crucial aspect: rebuilding security.

Continue reading →

A new study from Checkmarx reveals that 63 percent of organizations surveyed have been victims of a supply chain attack in the last two years, while 18 percent have suffered an attack in the last year.

Even more worrying is that that 100 percent of the large enterprises represented by 900 AppSec professionals responding from the United States, Europe and Asia-Pacific have been the victims of a software supply chain attack at some point.

Continue reading →

Digital transformation is becoming integral to procurement success. In fact, 77 percent of companies have adopted peer-to-peer (P2P) and source-to-contract (S2C) systems. However, acknowledging the importance of digital transformation and taking full advantage of its benefits are two very different things.

Yes, procurement technologies can provide organizations with a competitive advantage and improve operational efficiency, but these benefits are only possible when there is a trusted supplier data foundation. Even as leaders look to digital technologies to accelerate their procurement processes, they run into a consistent and demoralizing roadblock: low-quality supplier data. Whether it’s inaccurate, piecemeal or missing, bad supplier data can lead to extensive time spent on manual outreach, a reliance on supplier portals and conflicting data sources -- ultimately hindering the progress of digital transformation.

Continue reading →

This year has seen twice as many software supply chain attacks as 2019-2022 combined and one in eight open source downloads today pose known and avoidable risks.

The latest State of the Software Supply Chain Report from Sonatype, which logged 245,032 malicious packages in 2023, also shows that 96 percent of vulnerabilities are still avoidable.

Continue reading →

Researchers at Checkmarx have detected several open-source software supply chain attacks that specifically target the banking sector.

These attacks use advanced techniques, including targeting specific components in web assets of the victim bank by attaching malicious functionalities to them. The attackers employed deceptive tactics such as creating fake LinkedIn profiles to appear credible and customized command and control centers for each target, exploiting legitimate services for illicit activities.

Continue reading →

Across the interconnected global economy, complex supply chains ensure the seamless flow of goods and services across every industry. However, as cyber threats continue to evolve, organizations throughout this ecosystem are, often unknowingly, being exposed to more and more security risks as a direct result of being part of the chain. This creates a range of critical challenges for organizations whose very existence is dependent on the reliability and integrity of their supply chains at all their various levels.

Understanding the various stages of contemporary supply chains -- from material sourcing to manufacturing, transportation, warehousing, and distribution -- is essential for identifying potential vulnerabilities, with each stage susceptible to different types of risks.

Continue reading →

Remote and hybrid teams are increasingly adopting digital tools to get their jobs done. But while this strengthens productivity for workers it risks compromise to the business's security. In turn, this has exacerbated the need for additional layers of supervision and oversight.

Ungoverned connections leave businesses open to supply chain attacks, data breaches and more. We spoke to Astrix Security CEO and co-founder Alon Jackson to discuss these challenges and how to safely and securely manage the new digital workplace.

Continue reading →

Recent supply chain attacks such as SolarWinds, Log4j and 3CX have highlighted the need to protect the software supply chain as well as the potential consequences of failing to properly assess the integrity of software.

A new report from software supply chain security management company Lineaje looks at the composition of open-source software and assesses the risks associated with its usage.

Continue reading →

In recent years supply chain attacks have become much more commonplace, targeting vulnerabilities and getting legitimate apps to distribute malware.

We spoke to Nir Valtman, CEO and founder at Arnica, to discuss the issues these attacks raise and how organizations can defend against them.

Continue reading →

The cybersecurity world never stands still, with threats and the technology to combat them constantly evolving.

That makes predicting what might happen difficult, but we can still extrapolate current trends to get an indication of where things might be headed. Here are some expert predictions for cybersecurity in 2023.

Continue reading →