Understanding the Risk of Supply Chain Attacks and Open-Source Libraries...And What to Do About It

Written by Immersive Labs
Published on July 30, 2021

Attacks that started upstream are major news today. The REvil ransomware attack leveraging Kaseya, the Hafnium attack via Internet-facing Exchange servers, and the now-infamous SolarWinds attack earlier this year are all warnings that threat actors are shifting to the supply chain so that a single attack provides access to hundreds to tens of thousands of networks.

As cybercriminals look for opportunities to get into the “supply chain game”, they have turned to open-source libraries as a target. The use of open-source software (OSS) is mainstream today and has led to faster development and innovation, but it has also increased the risk of vulnerabilities. Since development is focused on a library’s functionality, testing it to see whether it is secure isn’t front of mind.

This puts the security of your organization’s supply chain in question. With most cyber insurance policies, and even the White House’s latest Executive Order, requiring a secure supply chain, the responsibility for ensuring your organization's supply chain is secure falls on internal IT.

In this webinar, our own Sean Wright joins cybersecurity expert Nick Cavalancia to discuss:

  • The state of supply chain attacks
  • The prevalence of open-source software today
  • Mapping supply chain attacks to the MITRE ATT&CK Framework

In addition, Sean highlights the insecurities found in today’s open-source code by performing a live demonstration that includes:

  • Injecting a payload into an open-source library
  • Using the payload to gain a reverse shell on a downstream system