Technology

ZD Tech: Supply Chain Attacks, Backstabbing

Hello everyone and welcome to ZD Tech, ‘s daily editorial podcast. My name is Louis Adam and today I will explain what are supply chain attacks and why are they so feared.

If you own a business, you want to take cybersecurity seriously. But no matter what is the best way to configure all your firewalls, apply all security patches, and reset employee passwords every three weeks, there will always be a variable that you have no control over.

This variable is the security of your software vendors. And that, the attackers got it right.

SolarWinds and Kaseya

It is this spring that supply chain attacks, or “supply chain attacks” in English, are based. I am talking about the software supply chain here.

The problem is how much confidence you can trust, not in your own security, but in the security of the software vendors your company uses.

There are many examples of this type of attack. Among the best known, we can cite the Solarwinds attack, or the one that targeted Kaseya.

The details of the attacks are different each time. But the logic remains the same. Instead of directly attacking their target, the cybercriminal will seek to compromise a partner or supplier of the same. The objective: to exploit the bond of trust between the two entities to reach their final victim.

The CCleaner case

A good example of this type of attack is the attack directed at CCleaner.

CCleaner is a very popular PC cleaning utility. In 2017, attackers successfully hacked into CCleaner’s update system. Their goal was to release a software update that contained malicious code.

And this corrupt update has been downloaded by just over a million users. Average, as it looked like a completely genuine update.

But the malware was only activated on certain devices handpicked by hackers. So the computers actually affected by this attack belonged only to companies like Sony, VMware, Samsung or even Intel. The real targets of the attack on CCleaner were them. And CCleaner was just one way to reach them.

The weakest link

This is the flaw of supply chain attacks. To protect yourself from cyber attacks, one of the main recommendations is to apply security updates from software vendors.

But when the danger comes precisely from these updates, what to do? Well, for now, there really isn’t a solution.

Strengthening vendor security may be considered, but there will always be a less secure link in the software supply chain. And it is this link that cybercriminals try to target in order to achieve their ends.

Find ZD Tech on podcast platforms

  • To subscribe to Le ZD Tech on Apple Podcast, click here
  • To subscribe to Le ZD Tech on Spotify, you are here
  • To subscribe to Le ZD Tech on Deezer, you are here
  • To subscribe to Le ZD Tech on Podcast Addict, click here
  • To subscribe to Le ZD Tech on Amazon Music, click here
  • To subscribe to Le ZD Tech on Google Podcast, click here
  • To subscribe to Le ZD Tech on Pocket Casts, click here
  • To subscribe to Le ZD Tech on Castbox, click here
  • To subscribe to Le ZD Tech on Overcast, click here
  • To subscribe to Le ZD Tech in Castro, click here
  • To subscribe to Le ZD Tech on Podtail, click here
  • To subscribe to Le ZD Tech on TuneIn, click here
  • To subscribe to Le ZD Tech on Podnews, you are here
  • To subscribe to Le ZD Tech on Listen Notes, you are here
  • To subscribe to Le ZD Tech on Chartable, click here
  • To subscribe to Le ZD Tech on Cast Box, click here
  • To subscribe to Le ZD Tech on Android, you are here

Woodmart Theme Nulled, WP Reset Pro, Newspaper 11.2, Newspaper – News & WooCommerce WordPress Theme, Premium Addons for Elementor, Rank Math Seo Pro Weadown, WeaPlay, WordPress Theme, Plugins, PHP Script, Jannah Nulled, Elementor Pro Weadown, Woocommerce Custom Product Ad, Business Consulting Nulled, Jnews 8.1.0 Nulled, Avada 7.4 Nulled, Nulledfire, Dokan Pro Nulled, Yoast Nulled, Flatsome Nulled, PW WooCommerce Gift Cards Pro Nulled, Astra Pro Nulled, Woodmart Theme Nulled, Slider Revolution Nulled, Wordfence Premium Nulled, Elementor Pro Weadown, Wpml Nulled, Consulting 6.1.4 Nulled, Fs Poster Plugin Nulled

Back to top button