Posts

Best practices to ward off software supply chain attacks

  Every year, cyber criminals keep on innovating and fine-tuning their techniques to exploit vulnerabilities and breach the best of defenses set up  by enterprises. In 2021, the world discovered a new attack vector — trusted software being used to install malware and gain privileged access.. Hackers exploit the fact the software and the updates being pushed are trusted .This attack vector was first seen in the case of the highly publicized SolarWinds attack. However, it is not the only example.  Since the discovery, the industry has observed acceleration in supply chain attacks. This includes Kaseya (which impacted more than thousand organizations due to the attack against its key product, VSA, which is used by MSPs to remotely monitor and deploy IT services), Codecov (an online software testing platform whose software was compromised to gain access to application code, data stores and services) and the more recent Log4j (a logging framework which is used to provide logging services to