最具破坏性的软件供应链攻击分析.pdf

1、PROMIS Visit PROMIS promisedu.seAnalysis of the most destructive software supply chain attacksby Dr.Oleksandr Adamov and Dr.Oleksii BaranovskiySenior Lecturer BTH20 November 2024Professional Master in Information SecurityOnline Courses for Professionals in SecurityUpcoming Security Seminars and Even

2、ts Send an email to Monique Johansson mowbth.se to subscribe to our mailing list and stay up to date for PROMIS talks and events!CrowdStrike incident(19/07/2024)Types of supply chain attacksSupply chain compromise can take place at any stage of the supply chain including manipulation/compromise of:d

3、evelopment tools and environment;source code repositories(public or private);replacement of legitimate software;software update/distribution mechanisms;system images and containers.Sources:https:/csrc.nist.gov/CSRC/media/Projects/Supply-Chain-Risk-Management/documents/ssca/2017-winter/NCSC_Placemat.

4、pdf Types of supply-chain attacks by Microsoft1.Compromised software building tools or update infrastructure2.Stolen code-sign certificates or signed malicious apps using the identity of dev company3.Compromised specialized code shipped into hardware or firmware components4.Pre-installed malware on

5、devices(cameras,USB,phones,etc.)Source:https:/ NotPetya via M.E.Doc-2017Backdoor in MEDocs ZvitPublishedObjects.dllSource:https:/ C:Windowssystem32rundll32.exe C:Windowsperfc.dat,#1 30NotPetya via M.E.Doc-2017SolorigateSolarigate backdoor in SolarWinds Orion platform reported by FireEye on December

6、08,2020Source:https:/ attack via Kaseya VSA(2021)Targets:1000+organizationsNorwegian financial software developer Visma,who manages some systems for Swedish supermarket chain Coop.The supermarket chain had to close down its 800 stores for almost a week.Source: