Why should we worry about software supply chain attacks?

An effective software supply chain attack is pure gold to a cybercriminal. It allows them to attack one company, and then use that company to spread the attack to all its customers. Such attacks can have a global reach, as seen with WannaCry and Sunburst.


In this podcast, Enterprise Times spoke with Ryan Olson, Vice President, Threat Intelligence, Unit 42, Palo Alto Networks, and Scott Dally, Director of Security Operations Centre US at NTT Ltd, about supply chain attacks. ET asked them what this type of attack meant.

But should software supply chain attacks be possible? Are vendors doing enough to protect their code and distribution channel? Olson points out that in the case of SolarWinds the company itself was compromised. It is believed that this allowed the attackers to corrupt the build process and insert their malware into the SolarWinds update process.


One of the concerns over this type of attack is its impact on trust between businesses and software vendors. Dally remarks that there is an inherent trust between vendors and their customers. The customer trusts that the software will do them no harm. He says: “That’s the lynchpin of why supply chain attacks are so damaging.”

Post-WannaCry, there was a temptation to turn off auto-update features. It was, thankfully, just a temporary blip as people realised the importance of auto-update. With zero-day attacks on the rise, let’s hope that SolarWinds Sunburst does not cause a repeat of that behaviour.

This is a wide-ranging podcast that talks about trust, network policies, best practices and code signing.

To hear what Olson and Dally had to say, listen to the podcast.

Where can I get it?

You can listen to the podcast by clicking on the player below. Alternatively, click on any of the podcast services below and go to the Enterprise Times podcast page.

Enterprise Times on Spotify

Enterprise Times on Soundcloud

Enterprise Times on Google Podcasts

Enterprise Times on Stitcher

Enterprise Times on Podchaser
