Today’s columnists, Pascal Geenens and Daniel Smith of Radware, say that while the SolarWinds case brought supply-chain attacks into the limelight, they are not new and security teams must finally manage them more effectively. (Credit: ecooper99, Creative Commons, CC BY 2.0)

The recent news about the SolarWinds hack has put software supply-chain attacks back in the limelight. But these types of attacks on commercial products aren’t new. In the past few years alone, at least four others come to mind.

Security pros may recall the 2017 NotPetya attack on tax accounting software by M.E. Doc, which crippled Ukraine and affected computer operations in other parts of the world. That was only four years ago. Later that same year, researchers found an advanced backdoor embedded in one of the code libraries of NetSarang’s server management software. Then, hackers broke into Piriform’s servers and inserted malware into CCleaner’s releases. And in Operation ShadowHammer, malicious actors targeted the Asus Live Update Utility, which then inserted a live backdoor, impacting more than one million users.
