2021 can be described as the year of the software supply chain attack – the year in which SolarWinds opened the world’s eyes, and the extent of the threat became apparent.
Apart from SolarWinds, other major attacks included Kaseya, Codecov, ua-parser-js and Log4j. In each case, the attraction for the attacker is that a single breach, compromise or vulnerability in distributed code can lead to multiple – even thousands – of victims.
Following a six-month analysis of customer security assessments conducted by Argon (an Aqua Security company), the 2021 Software Supply Chain Security Report highlights the primary areas of criminal focus: open-source vulnerabilities and poisoning; code integrity issues; and exploiting the software supply chain process and supplier trust to distribute malware or backdoors.