eBook: Cloud Threat Report 2H 2021
Despite the media coverage afforded to the SolarWinds and Kaseya breaches, our research indicates supply chain security in the cloud continues its growth as an emerging threat. Much remains misunderstood about both the nature of these attacks and the most effective means of defending against them.
To better understand how supply chain attacks occur in the cloud, Unit 42 researchers analysed data from a variety of public data sources around the world and, at the request of a large SaaS provider, executed a red team exercise against their software development environment. Overall, the findings indicate that many organisations may still be lulled into a false sense of supply chain security in the cloud. Case in point: Even with limited access to the customer’s development environment, it took a single Unit 42 researcher only three days to discover several critical software development flaws that could have exposed the customer to an attack similar to that of SolarWinds and Kaseya.
Drawing on Unit 42’s analysis of past supply chain attacks, the report explains the full scope of supply chain attacks, discusses poorly understood details about how they occur, and recommends actionable best practices that organisations can adopt today to help protect their supply chains in the cloud.