
Report: Software supply chain attacks increased 300% in 2021


Software supply chain attacks grew by more than 300% in 2021, according to a study from Argon Security, recently acquired by Aqua Security.

The report found that the level of security across software development environments remains low, and every company evaluated had vulnerabilities and misconfigurations that can expose them to supply chain attacks. The study identified three primary areas of risk that companies should understand and address to improve software supply chain security.

Vulnerable package usage is one of the fastest-growing methods of carrying out a software supply chain attack. Two common attacks that leverage vulnerable packages are: 1) exploiting packages’ existing vulnerabilities to obtain access to the application and execute the attack, and 2) planting malicious code in popular open source packages and private packages to trick developers or automated pipeline tools into incorporating them as part of the application build process.

Visualizing where and how some of the biggest attacks compromise the software supply chain.

Furthermore, a compromised CI/CD pipeline can expose an application’s source code. This type of breach is hard to identify and can cause significant damage if left undetected. Attackers can take advantage of privileged access, misconfigurations, and vulnerabilities in the CI/CD pipeline infrastructure, which provides access to critical IT infrastructure, development processes, source code, and applications. That access enables attackers to change code or inject malicious code during the build process and tamper with applications.

Finally, code/artifact integrity was another one of the main risk areas identified. The upload of bad code to source code repositories directly impacts artifact quality and security posture. Common issues that were found in most customer environments were sensitive data in code, code quality and security issues, infrastructure as code issues, container image vulnerabilities and misconfigurations. Many issues discovered required dedicated time-intensive cleanup projects to reduce exposure.

Findings were based on a six-month analysis of customer security assessments conducted by Argon’s researchers to determine the state of enterprise security and readiness to defend against software supply chain attacks.

Read the full report by Argon Security and Aqua Security.
