BankInfoSecurity
Compliance
March 29, 2021
March 25, 2021
March 25, 2021
Compliance Twitter
Trey Herr, director of the Cyber Statecraft Initiative at the Atlantic Council
The threat posed by software supply chain attacks is growing, but organizations can take steps to minimize the risks.
Trey Herr, co-author of a study of more than 100 supply chain compromises that was released last year by the Atlantic Council, says attackers, particularly state-affiliated ones, look to compromise roots of trust in the software supply chain.
“We think about software supply chain attacks as being unusual or exotic,” says Herr, director of the Atlantic Council’s Cyber Statecraft Initiative. “Really, there’s been a tremendous number of them over the last decade.”
Get Permission
Email security provider Mimecast says hackers compromised a digital certificate that encrypts data that moves between several of its products and Microsoft’s servers, putting organizations at risk of data loss.
The certificate, which is issued by Mimecast, encrypts data exchanged between the company’s Sync and Recover, Continuity Monitor and Internal Email Protect products and Microsoft 365 Exchange Web Services.
Mimecast, which is based in London, says that 10% of its customers, or about 3,900, use this type of connection between its products and Microsoft. In its last earnings call in November 2020, Mimecast reported it has 39,200 customers around the world.
Get Permission
Investigators probing the supply chain attack that hit SolarWinds say attackers successfully hacked the company s Microsoft Visual Studio development tools to add a backdoor into software builds.
The backdoor, dubbed Sunburst, was added to the company s Orion network monitoring software beginning in March 2020. Up to 18,000 customers installed and ran the Trojanized software. Attackers then used the backdoor to target a subset of customers, perhaps numbering in the hundreds, for second-stage attacks, which could have led to data exfiltration, eavesdropping - including email inbox access - and follow-on attacks against business partners.
SolarWinds CEO Sudhakar Ramakrishna
On Monday, Austin, Texas-based SolarWinds released an update on its attack investigation, reporting that investigators have successfully reverse-engineered code that attackers injected into its software development tools.