Community Edition
Total Tests:
This Week:
Today:
Cyber Law Blog
Phobos Ransomware Admin Extradited From South Korea
November 21, 2024
Dark Web Crypto Mixer Founder Sentenced to Over 12 Years for Money Laundering
November 14, 2024
Global Сybercrime Сrackdown Takes Down Over 22K Malicious IPs And Servers
November 7, 2024
REvil Gang Members Sentenced
October 31, 2024
US Cop Indicted Over Buying Stolen Data
October 24, 2024
Stay in Touch

Get exclusive updates and invitations to our events and webinars:


Your data will stay confidential Private and Confidential

ImmuniWebInternational Media Coverage

ENISA Predicts Fourfold Increase in Software Supply Chain Attacks in 2021, Warning That Strong Cyber Defenses Were No Longer Effective

By Alicia Hope for CPO Magazine
Monday, August 16, 2021

The agency also advised suppliers to ensure that their product development lifecycles apply cybersecurity best practices, monitor internal and external security vulnerabilities, including third-party components, and maintain an inventory of assets for easy tracking and patch management.

“There is a clear trend to exploit misconfigured CI/CD pipelines and vulnerable cloud deployments,” says Ilia Kolochenko, Founder, CEO, and Chief Architect at ImmuniWeb. “Amid the pandemic, countless organizations rapidly moved their IT infrastructure to a cloud, while trying to save money on training and cloud-specific security hardening. Combined with legacy IT infrastructure, third-party managed servers, and software, the digitalization in 2021 made organizations a low hanging fruit for cybercriminals.”

Most supply chain attack vectors remain unknown

ENISA report found that in two-thirds (66%) of the supply chain attacks, suppliers did not know or were not transparent on how they were compromised.

Contrarily, less than 9% of customers compromised through the supply chain attacks failed to understand how the attacks happened. The difference highlighted a cybersecurity incident reporting gap between suppliers and customers.

The authors posited that considering that most compromised suppliers operate in the technology sector, there is either a poor level of maturity in protecting suppliers’ infrastructure or an unwillingness to disclose information. They warned that the lack of transparency posed serious risks to the supply chain.

“Cyber-gangs are much better organized compared to the cybersecurity industry,” Kolochenko added. “They meticulously plan and coordinate their attacks, leverage division of labor, and eventually attain impressive efficiency. Contrasted to cybersecurity teams, bad guys are never on holidays or sick leave, and will even purposely conduct swift raids while the victim organizations are the most unprepared.” Read Full Article


Previous Media Publications:

Threatpost: 100m T-Mobile Customer Records Purportedly Up for Sale

TechCentral.ie: T-Mobile investigates potential 100m user data breach

This website uses cookies to provide you with a better surfing experience. To learn more, please visit our Privacy Policy. By continuing to use this website you consent to our use of cookies.

Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a Technical Question?

Our security experts will answer within
one business day. No obligations.

Have a Sales Question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
*
Your data will stay private and confidential