Adversaries increasingly using vendor and contractor accounts to infiltrate networks

The software supply chain has become a key security focus for many organizations, but the risks associated with supply chain attacks are often misunderstood. High-profile incidents like those reported by 3CX and MSI routinely grab headlines, continuing a trajectory of big-name security events that involve one specific aspect of the supply chain – software.

Successful software-focused supply chain attacks can give an adversary access to dozens or even hundreds of victims, but they are resource-intensive and require an extensive understanding of the target environment, the build process, and the software itself.

Read more…
Source: Cisco Talos