Blog

Thought Leadership

サイバーセキュリティの未来:2022年、ソフトウェアサプライチェーン攻撃は当たり前になる

サイバーセキュリティの未来:2022年、ソフトウェアサプライチェーン攻撃は当たり前になるDefault blog imageDefault blog image
13
Jan 2022
13
Jan 2022

In 2020, the financial services sector was the industry that experienced the most cyber-attacks. For years, attackers targeted these organizations because they were expectedly lucrative targets.

But in 2021, the financial services sector was no longer the most targeted. Instead, the IT and communications sector, including telecommunications providers, software developers, managed security service providers, and others faced the most attempted cyber-attacks.

This shift in priority target is not surprising for industry experts given the numerous high-profile software supply chain attacks in 2021, including those on SolarWinds, Kaseya and GitLab. Bad actors increasingly see software and developer infrastructure, platforms, and providers as entry vectors into governments, corporations, and critical infrastructure.

Darktrace’s researchers observed that its artificial intelligence (AI) autonomously interrupted around 150,000 threats each week against the sector in 2021. These research findings are developed based on Darktrace data generated by ‘early indicator analysis’ that looks at the breadcrumbs of potential cyber-attacks at several stages before attributing them to any actor and before they escalate into a full-blown crisis.

From this analysis, Darktrace predicts that, in 2022, we will see threat actors embed malicious software throughout the software supply chain, including proprietary source code, developer repositories, open-source libraries, and more. We will likely see further supply chain attacks against software platforms and additional publicized vulnerabilities.

Explaining the shift

This increase in attacks on this sector is likely because more companies rely on third-party trusted suppliers to handle their data while it’s in motion and at rest. This cyber-attack vector has proven substantially profitable for attackers who focused their efforts on related organizations to get to a target’s crown jewels. This shift means that small- and medium-sized companies are now more likely to experience an attack, even if they are not the end target.

Most recently, the uncovered vulnerability ‘Log4Shell’ embedded in a widely used software library left billions of devices exposed and prompted the Cybersecurity and Infrastructure Security Agency to provide formal guidance.

Unfortunately, many of these libraries are only updated and supported by volunteers, making it easy for vulnerabilities and intentional corruptions to slip through. DevSecOps will be a significant discussion point in 2022 as organizations begin to understand the importance of baking security into applications much earlier in the development process. Risks presented by the dependence on open source will put dev teams front and center.

Email phishing persists as a reliable method for attackers

Despite this relevant shift in targets, Darktrace found that the most widely used attack method on the IT sector continues to be phishing. Darktrace found that organizations in the industry faced an average of 600 unique email phishing campaigns a month in 2021. These campaigns also matured in sophistication, as most no longer contain a malicious link or attachment as in the typical ill-intended email.

In 2022, attackers will continue to advance their email attacks to hijack the communications chain more directly. We will see attackers hijack trusted supplier accounts to send spear phishing emails from genuine, trusted accounts, as we saw in the November 2021 FBI account takeover.

Top cyber-criminals will use ‘clean’ emails containing normal text, with messages carefully crafted to impersonate a trusted third party to induce recipients to reply and reveal sensitive information.

Facing the increase in attacks head-on

As the global software supply chain becomes increasingly interconnected, governments, corporations, and critical infrastructure organizations are all at risk of breach not only through their software and communications suppliers but via any security flaw in the extensive global software supply chain.

In the face of this cyber threat, organizations must focus on not only their own cyber resilience but also ensure they can hold their trusted suppliers accountable to best cyber practices. There is no magic solution to finding attacks embedded in your software suppliers, so the real challenge for organizations will be to operate while accepting this risk. This year, like 2021, it is increasingly unrealistic for these companies to hope to avoid breaches via their supply chains. Instead, they must have the ability to detect the presence of attackers after a breach and stop this malicious activity in the early stages.

If attackers can embed themselves at the beginning of the development process, organizations will have to detect and stop the attacker after they have gotten through. This problem calls for cyber defense technology that can spot vulnerabilities as threat actors exploit them.

This threat reinforces the need for security to be integrated earlier in the development process and the importance of quickly containing attacks to prevent business disruption. Since these are multi-stage attacks, organizations can use AI at every step to contain and remediate the threat.

More in this series:

該当する項目はありません。

Like this and want more?

Receive the latest blog in your inbox
ありがとうございます!あなたの投稿を受け取りました。
フォームを送信する際に何らかの問題が発生しました。
INSIDE THE SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
AUTHOR
ABOUT ThE AUTHOR
Justin Fier
SVP, Red Team Operations

Justin is one of the US’s leading cyber intelligence experts, and holds the position of SVP, Red Team Operations at Darktrace. His insights on cyber security and artificial intelligence have been widely reported in leading media outlets, including the Wall Street Journal, CNN, The Washington Post, and VICELAND. With over 10 years’ experience in cyber defense, Justin has supported various elements in the US intelligence community, holding mission-critical security roles with Lockheed Martin, Northrop Grumman Mission Systems and Abraxas. Justin is also a highly-skilled technical specialist, and works with Darktrace’s strategic global customers on threat analysis, defensive cyber operations, protecting IoT, and machine learning.

share this article
COre coverage
This Article
サイバーセキュリティの未来:2022年、ソフトウェアサプライチェーン攻撃は当たり前になる
Share
Twitter logoLinkedIn logo

Good news for your business.
Bad news for the bad guys.

無償トライアルを開始

無償トライアルを開始

柔軟な導入
仮想的にインストールすることも、ハードウェアでインストールすることも可能です。
迅速なインストール
設定時間はわずか1時間、メールセキュリティのトライアルはさらに短時間で完了します。
製品を選ぶ
クラウド、ネットワーク、Eメールなど、最も必要とされる領域で自己学習型AIの能力をお試しください。
購入義務なし
Darktrace Threat Visualizerと組織毎にカスタマイズされた3回の脅威レポートへのフルアクセスを提供しますが、購入の義務はありません。
For more information, please see our Privacy Notice.
ありがとうございます!あなたの投稿を受け取りました。
フォームを送信する際に何らかの問題が発生しました。

デモを見る

柔軟な導入
仮想的にインストールすることも、ハードウェアでインストールすることも可能です。
迅速なインストール
設定時間はわずか1時間、メールセキュリティのトライアルはさらに短時間で完了します。
製品を選ぶ
クラウド、ネットワーク、Eメールなど、最も必要とされる領域で自己学習型AIの能力をお試しください。
購入義務なし
Darktrace Threat Visualizerと組織毎にカスタマイズされた3回の脅威レポートへのフルアクセスを提供しますが、購入の義務はありません。
ありがとうございます!あなたの投稿を受け取りました。
フォームを送信する際に何らかの問題が発生しました。

Check out this article by Darktrace: The future of cyber security: Software supply chain attacks become a given in 2022