Keys and signatures
The devastating attack on Solar Winds discovered in December 2020 shows how a single weak link can undo even the most thoughtful security regimen. Here a supply chain attack was used to ship poisoned updates to its Orion software, used by thousands of customers worldwide to manage their infrastructure.
These customers include several US government departments and major tech companies, and since the malware it bundled was so stealthy, many of them had no way of knowing what data was stolen or for how long it was accessible. Similar attacks have targeted Windows updates (for example, the malware in 2012) and more recently the EncroChat messaging system, whose update mechanism was compromised by police in 2020, leading to 800 arrests across Europe.
You’re reading a preview, subscribe to read more.
Start your free 30 days