
20.500.12592/8f5nj2

CYBERDEFENSE REPORT Software Supply Chain Attacks An Illustrated Typological Review

20 Jan 2023

This is most likely due to the novel nature of the elements being described, as well as the sources and intents behind these different definitions at [...] user has little insights into the quality of the delivered products and services across the entire supply chain. [...] In the case of the SolarWinds/Sunburst campaign, the malicious actor was able to operate undetected for eight months before the cyber threat intelligence community and the institutions affected detected it. [...] teresting example is Trojan source attacks, which aim to make malicious code appear different to the compiler than to the human eye.18 [...] As a result, the hackers were able to breach Target to steal 40 million sets of credit and debit card data, and the personally identifiable information of 70 million Target customer accounts.34 [...] ESET, Gelsemium operates in a very targeted manner in Asia and across the Middle East, and “considering its capabilities, this points to the conclusion that the group is involved in cyberespionage.”30 [...] Vu, Plate and Sabetta compiled a list of combosquatting examples posing for PyPi (see figure 3).72 [...] an attacker pushed two malicious commits and disguised their alterations as a fix to a typo under the name of the creator of PHP.74 The rogue code inserted a backdoor into all the websites that implemented the infected repository. [...] By comparison, the certificate encompasses a set of information such as the name of the delivering authority, the software issuer, the creation and expiration date, and the public key. [...] Twilio is a cloud communication platform-as-a-service (CPaaS) company that powers communications for over 40,000 businesses and its APIs help developers add

Authors

Bund Jakob

Pages
50
Published in
Switzerland
