Operations | Monitoring | ITSM | DevOps | Cloud

You must secure your software supply chain. Now, more than ever, it is vital. For a long time, a primary concern in security was malicious actors exploiting inherent weaknesses in software. Privilege escalations, SQL injections, race conditions etc. These are, of course, still a concern and should be afforded the attention that they deserve. But now, there is another worry, one that is arguably even more important – A Supply Chain Attack.

Because of the recent cyberattack, we’ve asked you to update your Orion Platform several times. While these updates are necessary for the safety and performance of your environment, we understand there can be delays due to Change Advisory Boards (CABs), change freezes, and other factors.

The recent news of a cyberattack on a water treatment plant carried out by a remote perpetrator came as a shock to organizations around the world. Earlier this month, an unauthorized threat actor had remotely accessed the plant’s control systems via TeamViewer and used it to increase the amount of sodium hydroxide (lye) in water to dangerously higher levels.

We’ve all been watching closely as the Solarwinds hack, known as SUNBURST, gets its due analysis. This attack was sophisticated and rightfully should concern any company. Companies are now — or should be — considering not only what products they are using but to what attack vectors those products are exposed that unduly extend attack surfaces. Solarwinds makes great products — I’ve used them for years.

SolarWinds' widely-used Orion IT platform has been the subject of a supply-chain compromise by an unidentified threat actor. The attack was discovered in December 2020, but it appears to have begun in March 2020 when the attacker used trojan malware to open a backdoor on SolarWinds customers around the world.

Is your organization prepared to mitigate Distributed Denial of Service (DDoS) attacks against mission-critical cloud-based applications? A DDoS attack is a cyber attack that uses bots to flood the targeted server or application with junk traffic, exhausting its resources and disrupting service for real human users. DDoS attacks are on the rise, with over 4.83 million attacks reported in the first half of 2020 - an increase of more than 250% compared to the same period in 2019.

In the mid of December, SolarWinds disclosed that the company experienced a highly sophisticated, manual supply chain attack on versions of the Orion network monitoring product released in March – June 2020. The company shared that the attack was most likely conducted by foreign hackers and intended to be narrow, remarkably targeted, and manually executed attack.

Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week we are exploring the concept of supply chain cybersecurity in a time when there is a rising number of third-party cyberattacks.

In this blog, we break down the timeline of the number one hacker threat to ecommerce sites today – Magecart. The 2020 Magecart timeline includes all the significant Magecart attacks in 2020. With 4,800 formjacking attacks each month alone, this timeline only represents a small proportion of attacks reported in the public domain in 2020.

The SolarWinds hack, which has affected high-profile Fortune 500 companies and large U.S. federal government agencies, has put the spotlight on software development security — a critical issue for the DevOps community and for JFrog. At a fundamental level, if the code released via CI/CD pipelines is unsafe, all other DevOps benefits are for naught.