As per a report by ReversingLabs, cybercriminals are expected to intensify attacks on the software supply chain in 2023, a trend that started with the SUNBURST attack in 2020.
The malware was disseminated via an update to SolarWinds' Orion network management platform and affected 33,000 organizations worldwide, including Fortune 500 firms and government agencies.
Such attacks on the software supply chain have now become the preferred playground for cybercriminals, as they provide a base for profitable attacks and cyber espionage, and a tool to display their power.
This risk is magnified by the heavy reliance on central cloud-based infrastructure, centralized automated update mechanisms, and the use of off-the-shelf commercial packages and third-party open-source code for software development. ReversingLabs anticipates a shift in security thinking and investment to address these risks.
To mitigate the risks, it is recommended to update software and systems regularly, use software from trusted sources, implement code signing, perform regular security assessments, use security tools, follow secure software development practices, and train employees to identify and avoid social engineering and phishing attempts.
The Israel National Cyber Directorate has published a methodology and set of tools for examining and certifying suppliers to assess risks and understand the supplier's level of protection.