In July, REvil, a Russian cybercriminal gang, was able to shut down the IT systems of 800 Swedish grocery stores, a couple of New Zealand schools, two Maryland town governments, and around a thousand other enterprises around the world. The attackers discovered that Kaseya, software used by IT service contractors to remotely manage corporate networks, had numerous cybersecurity vulnerabilities. By attacking Kaseya, REvil gained a backdoor into the IT systems of the many organizations the software supported. Kaseya was thus a potent attack vector.

We should now turn our attention to linchpin technology services and products that, if compromised, would have similarly far-reaching impacts. Today, most software products rely on thousands of prewritten packages produced by vendors or drawn from open source libraries. The most commonly used of these third-party software supply chain components are highly prized targets…
