Despite media coverage of the SolarWinds and Kaseya security breaches, our research shows that supply chain security in the cloud continues to grow as an emerging threat. Much remains misunderstood, both as to the nature of these attacks and the most effective means of countering them.

To better understand how supply chain attacks work in the cloud, Unit 42 researchers analyzed data from a variety of public data sources around the world and, at the request of a major SaaS vendor, conducted a red team exercise against their software development environment. Overall, the results suggest that many organizations may still be lulled into a false sense of the security of the cloud supply chain. Case in point, even with limited access to the customer’s development environment, it took a single Unit 42 researcher just three days to discover multiple critical software development flaws that could have exposed the customer to an attack similar to that of SolarWinds and Kaseya.

Building on Unit 42’s analysis of past supply chain attacks, the report explains the full scope of supply chain attacks, discusses poorly understood details of how they originated, and recommends actionable best practices that companies can apply today to address their supply chains in the Protect the cloud. .


Source link
#eBook #Cloud #Threat #Report

Leave a Reply