Supply Chain Security
The manual supply chain attack against SolarWinds’ Orion network monitoring platform has sent shockwaves throughout the world, with Russian foreign intelligence service (SVR) hackers compromising nine elite U.S. government agencies and roughly 100 prominent private sector companies through a malicious Orion update.
More recently, the REvil gang exploited a flaw in Kaseya’s on-premises VSA RMM tool to compromise nearly 60 MSPs, then encrypted the data of, and demanded ransom payments from, up to 1,500 of their end-user customers. And a critical vulnerability in the Java logging package Log4j has sent shockwaves throughout the industry given how frequently that open-source library is used to develop enterprise software.
Industry players have turned to acquisitions to address the issue, with Aqua Security buying startup Argon in December to thwart third-party threats to the development environment and ensure the software supply chain is secure. Argon’s technology gives companies more control over who has access to their code and what code they’re allowed to input.