"Copycat And Fad Hackers Will be The Bane of Supply Chain Security in 2022"

Security researchers have warned that replicable attacks and a low barrier to entry will ensure the rate of supply chain attacks increases in 2022.  The researchers stated that by compromising a centralized service, platform, or software, attackers can then either conduct widespread infiltration of the customers and clients of the original victim or may choose to cherry-pick from the most valuable potential targets.   Doing this can save adversaries time and money, as one successful attack can open the door to potentially thousands of victims at once.  In an analysis of 24 recent software supply chain attacks, including those experienced by Codecov, Kaseya, SolarWinds, and Mimecast, the European Union Agency for Cybersecurity (ENISA) said that the planning and execution stage of supply chain attacks are usually complex, but the attack methods often chosen are not.  The researchers noted that supply chain attacks can be conducted through the exploitation of software vulnerabilities, malware, phishing, stolen certificates, compromised employee credentials & accounts, vulnerable open source components, and firmware tampering, among other vectors.   Ilkka Turunen, Field CTO of Sonatype, said that malicious software supply chain activity is likely to increase in 2022 due to low barrier to entry attack methods, such as dependency confusion, which is a "highly replicable" attack method.  Security researchers also believe that ransomware incidents will also increase in 2022.  Forcepoint researchers expect to see a "significant" rise in copycat attacks against the supply chain in 2022.  The researchers at Forcepoint are urging organizations to conduct frequent code reviews of software used.  They also encourage organizations to keep security in mind during every step of the software development and deployment process.

ZDNet reports: "Copycat And Fad Hackers Will be The Bane of Supply Chain Security in 2022"