Software Supply Chain Attacks Under the Magnifying Glass at Black Hat

Nurit Bielorai
Aug 12 · 2 min read

Software supply chain attacks and the fast pace at which they are escalating were a focal point at Black Hat 2021. After a year that included the SolarWinds, Kaseya, Codecov and multiple other large-scale supply chain breaches, it comes as no surprise that Matt Tait, COO at Corellium and keynote speaker, chose to address them as one of the most critical cyber threats of the moment.

Here are the main insights:

Software Supply Chain attacks are growing in frequency, scale, and danger 

According to ENISA, the European Union Agency for Cybersecurity, 66% of today’s attacks target software providers’ code. This makes sense when we consider that software supply chain attacks have a waterfall effect: a successful breach of a single software provider’s development process essentially opens the door to all of its customers and their infrastructure.

Tait warned that, although the frequency and size of these types of attacks are already high, they will only increase. When taking into account the complexity of the software development lifecycle, the vast number of tools and plug-ins that form part of CI/CD pipelines, and the built-in vulnerabilities of open-source components, it is only to be expected that more companies (ones with many customers and thus a larger reach) will fall victim to these attacks.

“It’s likely to start to escalate in the coming months and years. And when something really big happens… everything else will look like complete peanuts” in comparison.

Companies need to step up and protect their software development process proactively

As to what can and needs to be done: all companies that develop software, whether on a small or large scale, “need to step up” and protect it proactively. The risk no longer threatens just them and their data, but their entire customer base and its infrastructure. By toughening up the security of their software development infrastructure (CI/CD pipelines), process, and code, they can protect themselves from falling victim to supply chain attacks and preserve their customers’ trust in their software.

How can Argon help? 

Software supply chain attacks are at an all-time high, and the cyber community expects this trend to keep rising. Now more than ever, companies need to protect their software development infrastructure, process, and code.

Argon helps customers tackle these security risks head-on. Argon’s solution provides companies with instant visibility over their development environments, no matter how complex they are, and enables them to visualize their users, assets, dependencies and critical risks within a unified dashboard. Argon helps customers to proactively close security gaps, harden their supply chain infrastructure and ensure that the entire software development and delivery process is built upon strong code and process integrity. With real-time alerts and automatic remediation, companies can ensure that their software supply chain is as secure as can be from supply chain attacks like SolarWinds and Codecov. 

Keywords: DevOps, DevSecOps, Supply Chain Security, Software Supply Chain, Supply Chain Attacks, Software Supply Chain Attacks, CICD Security, CICD Pipelines, SolarWinds, Codecov, Blackhat
