US warns of supply chain cyber-attacks

The US intelligence community has issued a new warning about cyber-espionage risks posed by attacks made via the technology supply chain.
A report said China, Russia and Iran were the most capable and active states involved in such economic subterfuge.
Software supply chain infiltration had already threatened critical infrastructure, it warned, and was poised to imperil other sectors.
It added that sensitive data owned by US bodies had been put at risk.
The Foreign Economic Espionage Report was published by the US’s National Counterintelligence and Security Center (NCSC).
It said that last year marked a “watershed”, with seven significant software supply chain events having been made public.
By comparison, only four such incidents had been widely reported between 2014 and 2016, it said.
‘Key threat’
The concern is that attackers are looking for new ways to exploit computer networks via the privileged access given to technology providers.
“Software supply chain infiltration is one of the key threats that corporations need to pay attention to, particularly how software vulnerabilities are exploited,” William Evanina, the NCSC’s director and the US’s top counter-intelligence official, told the BBC.
“To get around increasingly hardened corporate perimeters, cyber-actors are targeting supply chains.
“The impacts to proprietary data, trade secrets, and national security are profound.”
The report highlights a number of attacks.
They include the spread of a booby-trapped version of CCleaner – a computer-cleaning program – which was revealed last September.

Source: BBC

Comment here