The recent news about the SolarWinds hack has put software supply-chain attacks back in the limelight. But these types of attacks on commercial products aren’t new. In the past few years alone, at least four others come to mind.
Security pros may recall the 2017 NotPetya attack on tax accounting software by M.E. Doc that crippled Ukraine as well as impacted computer operations in other parts of the world. That was only four years ago. Later that same year, researchers found an advanced backdoor embedded in one of the code libraries of NetSarang’s server management software. Then, hackers broke into Piriform’s servers and inserted malware into CCleaner’s releases. And in Operation ShadowHammer, malicious actors targeted the Asus Live Update Utility that inserted a live backdoor, impacting more than one million users.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.