September confirmed some things we already knew about the current state of cybercrime: While undersecured corporate targets remain tempting targets for hackers, the situation is increasingly worse for data-rich organizations such as governments, schools, and healthcare facilities. All of those sectors had cause for concern as the month drew to a close.
Supply chains are at the front of everyone’s minds right now. From fuel and food to toys at Christmas – the general public are starting to understand just how finely balanced the global supply chain truly is. Events like microchip shortages in Taiwan and the Ever Given blocking the Suez canal show how interconnected modern economies are, and how dependent our huge populations are on effective supply chains.
Since the covid-19, the cyber incident ratio has drastically increased and shows no signs of settling down. In just one year, cyber-attacks have targeted big enterprises, government agencies of the world’s leading countries, educational institutes, non-government organisations (NGOs), and small to mid-sized businesses. It is estimated that threat actors carry out cyber attacks every 39 seconds, which is relatively faster than before.
As the threat landscape evolves faster than we can keep up with, organizations must be aware of the type of threats they may face. Certain threat types, like ransomware and malware, are more prominent and therefore must be fought with the appropriate resources. On the other hand, some threat types are not prevalent and pose significantly less risk. However, just because a specific threat isn’t as widespread does not mean we shouldn’t take it seriously.
There is a lot of information out there (and growing) on software supply chain security. This info covers the basics around source and build, but does it cover all of your full software supply chain lifecycle? Is your build env at runtime protected? Is your application post deploy protected at runtime? This article will not only discuss what these concepts are, but provide additional discussions around the following: Read on brave reader…
Attacks executed through builds abuse trust we have in our build tools, IDEs, and software projects.
Malicious actors are constantly finding new ways to deliver their malicious payloads. With the recent migration of businesses moving to web application-based services, file storage, email, calendar, and other channels have become valuable means for delivering malicious code and payloads. In some instances, these services are abused as Command and Control infrastructure since many enterprises trust these services by default.