Blog

Liderazgo del pensamiento

El futuro de la ciberseguridad: Los ataques a la cadena de suministro de software serán un hecho en 2022

El futuro de la ciberseguridad: Los ataques a la cadena de suministro de software serán un hecho en 2022Default blog imageDefault blog image
13
Jan 2022
13
Jan 2022

In 2020, the financial services sector was the industry that experienced the most cyber-attacks. For years, attackers targeted these organizations because they were expectedly lucrative targets.

But in 2021, the financial services sector was no longer the most targeted. Instead, the IT and communications sector, including telecommunications providers, software developers, managed security service providers, and others faced the most attempted cyber-attacks.

This shift in priority target is not surprising for industry experts given the numerous high-profile software supply chain attacks in 2021, including those on SolarWinds, Kaseya and GitLab. Bad actors increasingly see software and developer infrastructure, platforms, and providers as entry vectors into governments, corporations, and critical infrastructure.

Los investigadores de Darktrace observaron que su inteligencia artificial (IA) interrumpió de forma autónoma alrededor de 150.000 amenazas cada semana contra el sector en 2021. Estas conclusiones de la investigación se elaboran a partir de los datos de Darktrace generados por el "análisis de indicadores tempranos", que examina las migas de pan de los posibles ciberataques en varias etapas antes de atribuirlos a cualquier actor y antes de que se conviertan en una crisis en toda regla.

From this analysis, Darktrace predicts that, in 2022, we will see threat actors embed malicious software throughout the software supply chain, including proprietary source code, developer repositories, open-source libraries, and more. We will likely see further supply chain attacks against software platforms and additional publicized vulnerabilities.

Explaining the shift

This increase in attacks on this sector is likely because more companies rely on third-party trusted suppliers to handle their data while it’s in motion and at rest. This cyber-attack vector has proven substantially profitable for attackers who focused their efforts on related organizations to get to a target’s crown jewels. This shift means that small- and medium-sized companies are now more likely to experience an attack, even if they are not the end target.

Most recently, the uncovered vulnerability ‘Log4Shell’ embedded in a widely used software library left billions of devices exposed and prompted the Cybersecurity and Infrastructure Security Agency to provide formal guidance.

Unfortunately, many of these libraries are only updated and supported by volunteers, making it easy for vulnerabilities and intentional corruptions to slip through. DevSecOps will be a significant discussion point in 2022 as organizations begin to understand the importance of baking security into applications much earlier in the development process. Risks presented by the dependence on open source will put dev teams front and center.

Email phishing persists as a reliable method for attackers

Despite this relevant shift in targets, Darktrace found that the most widely used attack method on the IT sector continues to be phishing. Darktrace found that organizations in the industry faced an average of 600 unique email phishing campaigns a month in 2021. These campaigns also matured in sophistication, as most no longer contain a malicious link or attachment as in the typical ill-intended email.

In 2022, attackers will continue to advance their email attacks to hijack the communications chain more directly. We will see attackers hijack trusted supplier accounts to send spear phishing emails from genuine, trusted accounts, as we saw in the November 2021 FBI account takeover.

Top cyber-criminals will use ‘clean’ emails containing normal text, with messages carefully crafted to impersonate a trusted third party to induce recipients to reply and reveal sensitive information.

Facing the increase in attacks head-on

As the global software supply chain becomes increasingly interconnected, governments, corporations, and critical infrastructure organizations are all at risk of breach not only through their software and communications suppliers but via any security flaw in the extensive global software supply chain.

In the face of this cyber threat, organizations must focus on not only their own cyber resilience but also ensure they can hold their trusted suppliers accountable to best cyber practices. There is no magic solution to finding attacks embedded in your software suppliers, so the real challenge for organizations will be to operate while accepting this risk. This year, like 2021, it is increasingly unrealistic for these companies to hope to avoid breaches via their supply chains. Instead, they must have the ability to detect the presence of attackers after a breach and stop this malicious activity in the early stages.

If attackers can embed themselves at the beginning of the development process, organizations will have to detect and stop the attacker after they have gotten through. This problem calls for cyber defense technology that can spot vulnerabilities as threat actors exploit them.

This threat reinforces the need for security to be integrated earlier in the development process and the importance of quickly containing attacks to prevent business disruption. Since these are multi-stage attacks, organizations can use AI at every step to contain and remediate the threat.

More in this series:

No se ha encontrado ningún artículo.

¿Te gusta esto y quieres más?

Reciba el último blog en su bandeja de entrada
Gracias. Hemos recibido su envío.
¡Ups! Algo salió mal al enviar el formulario.
DENTRO DEL SOC
Darktrace son expertos de talla mundial en inteligencia de amenazas, caza de amenazas y respuesta a incidentes, y proporcionan apoyo al SOC las 24 horas del día a miles de clientes de Darktrace en todo el mundo. Inside the SOC está redactado exclusivamente por estos expertos y ofrece un análisis de los ciberincidentes y las tendencias de las amenazas, basado en la experiencia real sobre el terreno.
AUTOR
SOBRE EL AUTOR
Justin Fier
SVP, Red Team Operations

Justin is one of the US’s leading cyber intelligence experts, and holds the position of SVP, Red Team Operations at Darktrace. His insights on cyber security and artificial intelligence have been widely reported in leading media outlets, including the Wall Street Journal, CNN, The Washington Post, and VICELAND. With over 10 years’ experience in cyber defense, Justin has supported various elements in the US intelligence community, holding mission-critical security roles with Lockheed Martin, Northrop Grumman Mission Systems and Abraxas. Justin is also a highly-skilled technical specialist, and works with Darktrace’s strategic global customers on threat analysis, defensive cyber operations, protecting IoT, and machine learning.

share this article
Cobertura básica
Este artículo
El futuro de la ciberseguridad: Los ataques a la cadena de suministro de software serán un hecho en 2022
Compartir
Twitter logoLinkedIn logo

Buenas noticias para su negocio.
Malas noticias para los malos.

Inicie su prueba gratuita

Inicie su prueba gratuita

Entrega flexible
Puedes instalarlo virtualmente o con hardware.
Instalación rápida
Sólo 1 hora de instalación - y aún menos para una prueba de seguridad del correo electrónico.
Elige tu viaje
Pruebe IA de autoaprendizaje donde más lo necesite, incluyendo la nube, la red o el correo electrónico.
Sin compromiso
Acceso completo al visualizador de amenazas Darktrace y a tres informes de amenazas a medida, sin obligación de compra.
For more information, please see our Privacy Notice.
Gracias. Hemos recibido su envío.
¡Ups! Algo salió mal al enviar el formulario.

Obtenga una demostración

Entrega flexible
Puedes instalarlo virtualmente o con hardware.
Instalación rápida
Sólo 1 hora de instalación - y aún menos para una prueba de seguridad del correo electrónico.
Elige tu viaje
Pruebe IA de autoaprendizaje donde más lo necesite, incluyendo la nube, la red o el correo electrónico.
Sin compromiso
Acceso completo al visualizador de amenazas Darktrace y a tres informes de amenazas a medida, sin obligación de compra.
Gracias. Hemos recibido su envío.
¡Ups! Algo salió mal al enviar el formulario.

Check out this article by Darktrace: The future of cyber security: Software supply chain attacks become a given in 2022