On 8-Dec-2022, Google’s security research unit released the first in a series of useful software-supply-chain security reports. According to Google:

The report comes near the two-year anniversary of the cyber attack on SolarWinds, which disrupted critical networks, actively exploiting nine federal agencies and about 100 private sector companies. The sophistication and scale of the attack were unprecedented and reportedly cost businesses and government agencies almost $100 billion.

Since the SolarWinds incident, governments and industry have made important strides in raising awareness and addressing software supply chain issues; however, we continue to see a sharp increase in software supply chain attacks across almost every sector. In fact, Mandiant research shows software supply chain is now the second most prevalent initial infection vector into victim systems. Given the increase in supply chain attacks, critical infrastructure owners and operators should take measures to address related risks.
